Eurostat publiceert statistieken over ICT beveiligingsincidenten in 2010 (en)

Met dank overgenomen van Eurostat (ESTAT) i, gepubliceerd op donderdag 9 december 2010.

During 2009, ICT security incidents1 due to hardware or software failure were experienced by 12% of enterprises2 in the EU27. Incidents involving the destruction or corruption of data due to malicious software infection or unauthorised access were reported by 5% of enterprises. In January 2010, half of the enterprises in the EU27 used a strong password3 or hardware token3 for authentication and user identification.

These data4 come from Eurostat i, the statistical office of the European Union, and form part of the results of a survey conducted at the beginning of 2010 on ICT (Information and Communication Technologies) usage and

e-commerce in enterprises in the EU27 Member States i, Iceland, Norway and Croatia, with a special focus on ICT Security.

Two thirds of large enterprises used mobile broadband connections

In the EU27, 94% of enterprises had access to the internet in January 2010. While a large majority of enterprises (85%) had a fixed broadband connection5, 27% of all enterprises already used mobile broadband connections5. Among large enterprises2 in the EU27, 67% connected to the internet using mobile broadband, compared with 43% for medium enterprises and 22% for small enterprises.

While the level of internet access and fixed broadband internet connection in January 2010 was high in most EU27 Member States, the share of enterprises using mobile broadband connections, however, ranged more widely, from 6% in Greece, 8% in Romania and 9% in Bulgaria and Estonia to 68% in Finland, 55% in Sweden, 46% in Austria and 43% in Denmark. More than 90% of large enterprises used mobile broadband connections in Finland (95%), Austria and Sweden (both 91%).

Security incidents affecting the ICT system of enterprises in the EU27 Member States

In 2009, the type of incident most commonly reported by enterprises in EU27 Member States where those resulting in an unavailability of ICT services, destruction or corruption of data due to hardware or software failures, with the highest shares registered in Cyprus, Portugal and Finland (all 26% of enterprises), Denmark (24%), Greece (23%), the Czech Republic (22%) and Slovakia (20%).

The highest proportions of enterprises reporting ICT incidents resulting in the destruction or corruption of data due to malicious software infection or unauthorised access were registered in Slovakia (16%), Portugal (14%), Spain (11%) and Greece (10%) in 2009.

The shares of enterprises reporting unavailability of ICT services due to an attack from outside were highest in Slovakia (11%) and the Netherlands (7%). In the majority of EU27 Member States, the disclosure of confidential data due to intrusion, pharming or phishing attacks was reported by 1% or less of enterprises in 2009.

Around two thirds of enterprises in Italy, Ireland and Slovenia use passwords or tokens for user authentication

While more than 60% of enterprises in Italy (66%), Ireland and Slovenia (both 64%), Spain (63%) and Luxembourg (62%) used a strong password authentication and/or a hardware token for user identification as a security measure in January 2010, these procedures were utilised by less than 30% of enterprises in Slovakia (20%), Hungary (24%) and Romania (29%).

Internet access, fixed and mobile broadband connections by enterprises, January 2010 (%)

 
 

Internet access

Fixed broadband connection

Mobile broadband connections, by size of enterprise

Total

Small

Medium

Large

EU27

94

85

27

22

43

67

Belgium

97

89

29

24

49

70

Bulgaria

85

61

9

7

14

34

Czech Republic

95

85

18

13

35

51

Denmark

97

84

43

39

63

81

Germany

97

89

27

17

40

67

Estonia

96

87

9

7

13

36

Ireland

92

84

36

31

52

73

Greece

90

80

6

5

14

20

Spain

97

95

35

31

57

75

France

97

93

28

23

46

68

Italy

94

83

19

16

38

66

Cyprus

88

85

11

9

19

39

Latvia

91

66

12

10

19

41

Lithuania

96

78

20

16

32

62

Luxembourg

96

87

20

17

26

57

Hungary

90

78

22

18

36

57

Malta

94

91

28

24

41

62

Netherlands

98

90

28

23

47

68

Austria

97

75

46

42

65

91

Poland

96

66

21

16

32

64

Portugal

94

83

25

20

48

75

Romania

79

49

8

6

14

33

Slovenia

97

85

31

26

47

73

Slovakia

98

71

36

32

46

67

Finland

100

93

68

64

88

95

Sweden

96

88

55

50

76

91

United Kingdom

91

87

36

33

58

79

Iceland

98

95

43

36

74

78

Norway

97

84

39

35

61

84

Croatia

95

76

32

29

41

71

ICT related security incidents & internal security procedures in enterprises, 2009 (%)

 
 

Unavailability of ICT services, destruction or corruption of data due to hardware or software failure

Unavailability of ICT services due to attack from outside

Destruction or corruption of data due to malicious software infection or unauthorised access

Disclosure of confidential data due to intrusion, pharming, phishing attack

Enterprises using a strong password and/or a hardware token**

EU27*

12

3

5

1

50

Belgium

12

3

5

1

52

Bulgaria

7

1

5

1

33

Czech Republic

22

2

6

1

40

Denmark

24

6

6

0

56

Germany

9

2

3

0

46

Estonia

:

:

:

:

:

Ireland

16

4

6

1

64

Greece

23

5

10

u

33

Spain

19

6

11

1

63

France

6

2

4

1

33

Italy

16

3

4

1

66

Cyprus

26

5

3

1

43

Latvia

9

2

2

1

42

Lithuania

19

4

7

2

42

Luxembourg

9

2

4

1

62

Hungary

4

0

2

0

24

Malta

14

3

7

2

52

Netherlands

19

7

7

4

53

Austria

6

2

4

u

39

Poland

8

u

u

u

53

Portugal

26

5

14

u

55

Romania

15

2

7

1

29

Slovenia

7

2

3

0

64

Slovakia

20

11

16

4

20

Finland

26

3

3

1

53

Sweden

16

4

2

1

58

United Kingdom

4

2

2

1

53

Iceland

16

3

4

0

40

Norway

19

3

4

1

59

Croatia

7

1

5

0

57
  • EU27 excludes Estonia

** January 2010

  • data not available

u data unreliable

0 = less than 0.5%

  • ICT related security incidents affect the ICT systems of an enterprise and may cause different problems. The following security incidents were covered in the survey:
  • a) 
    Unavailability of ICT services, destruction or corruption of data due to hardware or software failures refers to issues of data integrity caused by hardware or software failures, e.g crashes of servers or hard disks due to hardware failures or crashes of servers due to software failures, e.g. erroneous updates.
  • b) 
    Unavailability of ICT services due to attack from outside refers to attempts from outside to make an information system resource unavailable to its intended users. One aim of these attacks is to prevent an internet site or service from functioning efficiently, e.g. websites of banks, credit card payment gateways.
  • c) 
    Destruction or corruption of data due to malicious software infection or unauthorised access
  • d) 
    Disclosure of confidential data due to intrusion, pharming, phishing attacks refers to an attempt to get confidential information on persons, staff or clients, intellectual property or other confidential information. Intrusion is an attempt to bypass security controls on an information system by viruses, worms, Trojan horses etc. Phishing is a criminally fraudulent attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Pharming is an attack which redirects the traffic of a website to another, bogus website in order to acquire sensitive information.
  • The survey covered enterprises with at least 10 persons employed in manufacturing, electricity, gas and steam, water supply, construction, wholesale and retail trades, repair of motor vehicles and motorcycles, transportation and storage, accommodation and food service activities, information and communication, real estate, professional, scientific and technical activities, administrative and support activities, repair of computers and communication equipment. Size classes: small enterprises (10-49 persons employed), medium enterprises (50-249 persons employed) and large enterprises (250 persons employed or more).
  • User identification refers to the ability to identify and distinguish between individual users. Authentication means to assure the identity of a certain user. Authentication and identification of users are used in the context of authorisation, to define access and usage rights related to specific information or services. A strong password implies that a password has a minimum length of 8 characters. The characters have to be a mix of uppercase, lowercase alphanumeric and special characters. A hardware token is a physical device that authorises the access of the owner of the token to a computer or a network.
  • Eurostat, Data in Focus 49/2010 "ICT usage in enterprises 2010". Available free of charge in PDF format on the Eurostat website. The full set of data can be found in the dedicated section: http://ec.europa.eu/eurostat/ict under "Data", “Comprehensive databases”. Please note that ICT data on the Eurostat website are grouped according to the year in which the survey was conducted.
  • Fixed broadband connection refers to fixed internet connections by which a wide band of frequencies is available to send data, e.g. DSL connection. Mobile broadband connection refers to an internet connection which is accessed via high capacity mobile phone networks, e.g. via a portable computer using a 3G modem or 3G handset
 

Issued by: Eurostat Press Office

Julia URHAUSEN

Tel: +352-4301-33 444

eurostat-pressoffice@ec.europa.eu

Eurostat news releases on the Internet: http://ec.europa.eu/eurostat

For further information on the ICT data:

Maria SMIHILY

Tel: +352-4301-34 666

maria.smihily@ec.europa.eu

Konstantinos GIANNAKOURIS

Tel: +352-4301-34 877

konstantinos.giannakouris@ec.europa.eu