http://pictures.directnews.co.uk/liveimages/Laptop_1071_18310733_0_0_7003925_100.jpg

The financial damage to a company suffering a security breach involving sensitive data is likely to increase significantly over the next few years, according to a new study.

Research conducted by Gartner found that the cost to enterprise of such security issues will increase by 20 per cent a year, at least until 2009.

"The biggest attack risk to enterprises comes from targeted attacks," vice president and distinguished analyst for Gartner John Pescatore said. "In addition, phishing and identity theft attacks have caused the rise of 'credentialed' attacks, in which the attacker uses the credentials of a legitimate user."

In fact, a separate report from McAfee highlighted recently the risk posed by employees and lax password security, as it found that 41 per cent of people never change their passwords.

Despite the fact that spending on security accounts for an average of 12 per cent of an enterprise's IT budget, including disaster recovery investment, the Gartner report said there was little connection between actual security and security spending.

Ray Wagner, managing vice president at the analysis firm, said that prioritising security for new applications and processes can be effective while reducing costs.

"Just as important is understanding where security funds are being spent and where that spending is effective or ineffective," he added. "Security metrics should be established for all major security spending areas."

Research for Connect in 2007 found that 88 per cent of UK businesses were interested in Disaster Recovery systems primarily to protect their critical applications and data