PwC report: 8 out of 10 organisations suffered staff-related security breaches in 2011

Only 39 per cent of large businesses encrypt mobile devices, according to a new report from PwC

More than 80 per cent of large organisations in the UK suffered security breaches caused by staff last year, according to a new report by consultancy firm PricewaterhouseCoopers (PwC).

The report, entitled the Information Security Breaches Survey, gauged the opinions of security professionals in 447 organisations from a range of industry sectors.

The survey found that 82 per cent of large organisations had reported security breaches caused by staff, with 47 per cent reporting incidents where staff had leaked or lost confidential information.

The survey's author, PwC information security partner Chris Potter, said the results were disappointing, but not surprising.

"It's not a surprise because it has crept up over the years, but it is still a huge proportion of large companies that are having issues with their staff," he said. "A growing phenomenon continues to be around loss of confidential information and breaches of the Data Protection Act.

The survey also found that 75 per cent of large organisations allow staff to use smartphones and tablets to connect to their corporate systems, while only 39 per cent of these organisations apply data encryption on the devices.

"It is surprising how few large companies encrypt data on smartphones and tablets. Of course, encryption is only one aspect of defence, as the business also needs device management and various authentication, for example, but the survey also found that the percentage of large businesses adopting those kinds of techniques were similar to the number encrypting the device," Potter said.

Potter argued that the report's finding indicated that security training is being neglected.

"One of the biggest things that large organisations can do is to invest in security awareness programmes," he said.

"If staff are educated on the security policies then there is a reduced chance of having staff-related security breaches, which in turn creates less costs for the business and those saved costs can be invested in educating staff further."