The average cost to large organisations of the most severe online security breaches is at least £1.46 million – more than twice the £600,000 average of just 12 months ago, according to research carried out by the Government and PwC.
The Information Security Breaches Survey 2015, launched by Digital Economy Minister Ed Vaizey at this week's Infosecurity Europe event, shows the nationwide extent of malicious cyber-attacks and staff-related security breaches.
The Survey found that, in the past year, 90% of large organisations and 74% of small businesses experienced a data security breach, either from a malicious external attack on their IT systems, or from human failure that resulted in data and/or financial loss.
PwC surveyed 664 organisations across the UK, including large organisations (250+ employees) across the public and private sectors and small businesses (fewer than 50 employees).
Key findings in the 2015 survey included:
· 90% of large organisations reported they had suffered an information security breach, while 74% of small and medium-sized businesses reported a breach.
· For companies with more than 500 employees the average cost of the most severe breach is now between £1.46 million and £3.14 million.
· For small and medium-sized businesses the average cost of the worst breach is between £75,000 and £310,800.
· Attacks from outsiders have become a greater threat for both small and large businesses.
PwC found that, in the past 12 months, 75% of large organisations and 31% of small companies experienced staff-related security breaches – up from 58% and 22% respectively in 2014. When asked about the single most severe staff-related breach they had experienced over the year, around half of all organisations and businesses attributed the cause to “inadvertent human error”, substantially up from 31% reporting human error as the worst breach in the 2014 Survey.
Despite the 2014 Survey reporting an increase in both security breaches and associated costs, almost a third of all respondents (32%) hadn’t undertaken any form of data security risk assessment.
Commenting on the Information Security Breaches Survey 2015, Chris Wight, technology risk partner at PwC in the Midlands, said:
“With nine out of ten respondents reporting a cyber-breach in the past year, Midlands organisations need to consider how they will defend against and deal with the cyber threats they face. Breaches are becoming increasingly sophisticated, often involving internal staff to amplify their effect and we are seeing impacts that are increasingly long-lasting and more costly to resolve.”
The Survey found that more firms are now taking action to tackle the cyber threat, with a third of organisations now using the Government’s “Ten Steps to Cyber Security” guidance, up from a quarter in 2014.
And nearly half (49%) of all organisations have achieved a “Cyber Essentials” badge to protect themselves from common internet threats, or plan to get one in the next year.
Nevertheless, PwC noted the vulnerability of ‘new’ technology and devices. Some 15% of large organisations reported a security or data breach related to tablets or smartphones, 13% experienced similar issues on their social network sites, with 7% reporting a security or data breach on one of their cloud computing services.
Responding to the survey findings, Digital Economy Minister Ed Vaizey said:
“The UK’s digital economy is strong and growing, which is why British businesses remain an attractive target for cyber-attack and the cost is rising dramatically.
“Businesses that take this threat seriously are not only protecting themselves and their customers’ data but securing a competitive advantage.
“I would urge businesses of all sizes to make use of the help and guidance available from Government and take up the Cyber Essentials Scheme.”