Companies are spending up to £624,000 a week to secure their most sensitive business data abroad, a study has revealed.
The economic downturn has driven many organisations to re-assess the risks of processing data outside their home country, in search of cheaper options. Approximately half the organisations surveyed said they would do so.
About a third of organisations are looking to increase the amount of sensitive information they store abroad, up from one in five two years ago.
China, Russia and Pakistan are perceived to be the least safe countries for data storage. The UK, Germany and the US are perceived to be the safest countries for data storage.
The global study by Intel security division McAfee and Science Applications International Corporation (SAIC) polled 1,000 senior IT decision makers in the UK, US, Japan, China, India, Brazil and the Middle East.
The study confirms that cybercriminals have shifted from stealing personal information, to targeting the corporate intellectual capital of well-known global organisations.
According to the study report, cybercriminals understand there is greater value in selling a corporations' proprietary information and trade secrets.
"We've seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the of the largest and seemingly most protected corporations in the world," said Simon Hunt, vice-president and chief technology officer of endpoint security at McAfee.
"Criminals are targeting corporate intellectual capital and they are often succeeding," he said.
The distinction between insiders and outsiders is blurring," said Scott Aken, vice-president for cyber operations at SAIC.
"Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely - just as an insider would. Having defensive strategies against these blended insider threats is essential and organisations need insider threat tools that can predict attacks based on human behaviour," he said.
A quarter of organisations have had a merger or acquisition, or a new product roll-out stopped or slowed by a data breach, or the credible threat of a data breach.
If an organisation experienced a data breach, only half of those organisations took steps to protect systems from future breaches, the study found.
Only three in ten organisations report all data breaches suffered, and six in ten organisations currently pick and choose the breaches they report. The report also shows organisations may seek out countries with more lenient disclosure laws, with eight in ten organisations that store sensitive information abroad influenced by privacy laws requiring notification of data breaches to customers.
One of the greatest challenges organisations face when managing information security is the proliferation of devices, such as iPads, iPhones and Androids. Securing mobile devices continues to be difficult for most organisations, with 62%of respondents identifying this as a challenge.
The report shows the most significant threat reported by organisations when protecting sensitive information is data leaks.
28 Mar 2011