Big business 'could do more to protect private data'


Major companies could go much further to shield their private data and cut the risk of falling victim to hacking, a report has found.

Cyber attackers could take advantage of data leaked by more than three-quarters of the companies listed in the Forbes 2000, the KPMG Cyber Vulnerability Index said.

The banking industry is the worst offender in terms of the number of sensitive file locations found on websites, while 71% of firms may be using potentially vulnerable or outdated versions of Adobe and Microsoft software.

But companies in the UK fared better than firms in many other countries and did not feature in the list of the 10 most vulnerable countries.

Four out of 10 companies in Switzerland were most open to attack through vulnerable web server software, while firms in Japan (22%) and Spain (9%) were also at risk.

Businesses in fast-growing economies such as China, Brazil, Thailand and Saudi Arabia also faced dangers.

Martin Jordan, director of information protection at KPMG, said: “The world of cyber security has been tilted on its axis over the past two years – from the actions of hacktivists and associated groups – through to state-sponsored agencies with seemingly unlimited resources.

“Attackers are aiming for an increased competitive edge or to gain better access to greater intellectual property – whatever their level of sophistication. While it’s difficult to stop these groups, companies can, at the very least, deny them ‘open all areas’ access to their secrets which unwittingly, they may have laid bare.”

The Cyber Response team at KPMG simulated the first steps which cyber attackers may undertake against the Forbes 2000 list of companies using domain data over a six-month period as part of the study.

Data security expert Graeme Batsman, director of Data Defender, said large companies had more to lose from data breaches than smaller firms.

Batsman said: “For very large companies a data breach can be bad, but if you only have 10 staff then the media are not that interested.

“The Information Commissioner has a habit of fining in only 5% of cases and they usually go for the larger ones and so companies probably think they can get away with it.”

Batsman also pointed out a number of data problems companies can encounter. He said: “You can’t be narrow-minded about hacking and there are companies out there that are, but there are so many aspects to think about.

“If you look at the Information Commissioner’s news feed, a lot of cases are about left laptops, lost USBs and CDs with patient records disappearing in the post.”