With hackers stealing tens of millions of customer details in recent months, firms across the globe are ratcheting up IT security and nervously wondering which of them is next.

The reality, cyber security experts say, is that however much they spend, even the largest companies are unlikely to be able to stop their systems being breached. The best defence may simply be either to reduce the data they hold or encrypt it so well that if stolen it will remain useless.

Only a few years ago, the primary IT security concern for many large corporations was stopping the loss or theft of physical disks or drives with customer information. Now, much harder to detect online thefts are rife.

Last week, Reuters revealed a host of big name US Fortune 500 companies were on a hiring spree for board level cyber security experts often offering $500,000-700,000 a year, sometimes more.

“Information has become toxic for retailers because the more they have, the bigger a target they become,” said Lamar Bailey, security researcher at IT security firm Tripwire. “The ongoing rash of attacks brings into question what information an organisation should be keeping.”

US retailer Target ousted its CEO Gregg Steinhafel in May after the firm said foreign hackers had stolen up to 70 million items of customer data including some PIN numbers late last year.

IT security experts say firms are becoming increasingly careful

The corporate fallout from the largest recorded breach so far, the loss of password data on some 145 million customers from online retailer eBay, is not yet clear.

A senior eBay executive told Reuters last week that “for a very long time” the firm had not realised customer data had been seriously compromised by the attack.

IT security experts say firms are becoming increasingly careful, now sometimes instructing tens of thousands of users to change passwords if even a single account appears compromised.

Still, a study of 102 UK financial institutions and 151 retail organisations conducted earlier this year by Tripwire showed 40 per cent said they would need two to three days to detect a breach.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.