A staggering 90% of large businesses in the United Kingdom have reported they have suffered an information security breach, alongside 74% of small and medium-sized businesses. The average cost of the most severe online security breaches for big business can now reach £3.14 million ($4.8 million). It starts at £1.46 million, up from £600,000 in 2014, according to government research published today to raise awareness of the growing cyber threat.
The average cost of security breaches for companies with more than 500 employees is between £1.46 million and £3.14 million, says the UK’s Department of Business, Innovation and Skills (BIS). For small and medium-sized businesses (SMEs), the average cost of the worst breach is between £75,000 and £310,800. This is up from a worst-case cost of cyber security breaches for SMEs of just £115,000 in 2014.
Cyber security is a major cost to business, as well as its shareholders. If costs keep rising like this, it will also surely be a major deterrent to the growth of new businesses.
Launching the Information Security Breaches Survey 2015 at the Infosecurity Europe event in London, UK Digital Economy Minister Ed Vaizey put a positive slant on it. He said: “The UK’s digital economy is strong and growing, which is why British businesses remain an attractive target for cyber-attack and the cost is rising dramatically.”
“Businesses that take this threat seriously are not only protecting themselves and their customers’ data but securing a competitive advantage,” he added.
While cyber security is undeniably on the agenda for many UK boardrooms, the reaction to information security risk to date has been largely defensive. The challenge for UK industry remains to make the step change to seeing cyber preparedness as ‘competitive advantage’ – and the government is pulling out the stops to help.
A third of organizations are now using the UK government’s ‘Ten Steps to Cyber Security’ guidance, up from a quarter in 2014, says BIS. It points out that nearly half (49%) of all organizations have either achieved a ‘Cyber Essentials’ badge to protect themselves from common internet threats, or they plan to get one in the next year. There is also a substantial amount of free guidance available from government to help businesses secure themselves against costly cyber security breaches.
But boardrooms are clearly still struggling to come to grips with the new risk factors that come alongside technological innovation. The Financial Times reported today that British financial institutions have been investigated 585 times for data privacy breaches in the past 12 months — almost triple the number of probes in the previous year.
This sharp increase, revealed – says the FT – by a freedom of information request to the Information Commissioner’s Office, shows that consumers are becoming more concerned about how financial services companies use their data.
And consumers – both as shareholders and as stakeholders – will ultimately be the mainstay of the survival of financial institutions as they struggle to adapt to a plethora of change.
Another ‘human factor’ in cyber security should also not be overlooked. As PwC – which was commissioned to conduct the survey for the UK government – points out, “staff-related breaches feature notably in this year’s survey. Three-quarters of large organisations suffered a staff-related breach and nearly one-third of small organisations had a similar occurrence (up from 22% the previous year).”
The pressing need for action around cyber security should also – by implication – make boardrooms focus on the importance of employee engagement for the best corporate governance on the path to business success.
This article was written by Dina Medland from Forbes and was legally licensed through the NewsCred publisher network.