Cloud computing and social networking is leaving UK businesses exposed to cyber attacks and data breaches.

The 2010 Information Security Breaches Survey (ISBS), commissioned by the Infosecurity Europe show and written by PricewaterhouseCoopers LLP, shows that as organisations have looked to cut their IT costs, they have increasingly turned to external providers who host applications on their behalf.

These services, including software-as-a-service ( SaaS) and cloud computing, are now used by over three-quarters of the organisations polled for the survey, and of these, 44% said they were entrusting critical services to third parties. All sectors are making use of the services, but government is least likely to release control of critical services, the survey found.

At the same time that companies are increasing their dependence on other organisations for their IT services, there has been an explosion of new cyber attacks. The survey found that 61% of large organisations have detected a significant attempt to break into their network in the last year, twice as many as two years ago.

Some 15% of large organisations have detected actual penetration by an unauthorised outsider into their network in the last year, and it is likely that many more were undetected. In addition, 25% of large organisations have suffered a denial of service attack in the last year, also more than double the proportion in 2008.

“Outsourcing IT services does not make the security risk go away, but few companies are taking enough steps to ensure their outsourced services are not vulnerable to attack,” says the report.

Chris Potter, partner for OneSecurity at PricewaterhouseCoopers LLP, said, “Very few organisations are encrypting data held on virtual storage, including the ‘cloud’. Worryingly, only 17% of those with highly confidential data at external providers ensure that it is encrypted.”

Potter said virtualisation and cloud computing are set to follow the trend, established over the last decade, of controls lagging behind the adoption of new technologies. “Given the increased criticality and confidentiality of information held on virtual storage, organisations need to respond quickly to close this control gap,” he said.

Staff postings to social networking sites also pose a new data leakage risk, says the report. Organisations are now reassessing their approach to controlling staff access to the internet. The trend, established between 2006 and 2008, of allowing more staff to access the internet has been reversed. Nearly half of large organisations now restrict which staff can access the internet - less than a third did so in 2008.

Use of software to block access to inappropriate websites is slightly up on two years ago. But the use of web access logging and monitoring is relatively static. Organisations are one-and-a-half times more likely to monitor postings to social networking sites if social networking is considered very important to their business, found the survey.

The survey findings were based on responses from security professionals at over 500 organisations spread across all industry sectors.

Infosecurity Europe takes place on 27-29 April at Earls Court in London.