In 2009, 12 percent of EU businesses suffered security incidents due to hardware or software failures, according to a study released by Eurostat, the statistical office of the European Commission.  By contrast, incidents involving the destruction or corruption of data due to malicious software infection or unauthorized access were only reported by five percent of enterprises.  One percent of enterprises suffered a loss of data because of intrusion, pharming or phishing attacks.  The study also found that 50 percent of EU companies use a strong password (8 or more characters that are a mix of uppercase, lowercase, alphanumeric and special characters) or a hardware token to protect data.

The report has been issued as network and information security is once again moving onto the agenda of EU policy makers.  Parliament is expected to begin considering beefed-up legislation on cyber crime in the new year.  A breach notification provision applicable to all EU businesses is also widely anticipated to be included in the Commission’s proposals to amend the Data Protection Directive, which are expected in the summer of 2011.