For SMEs, the worst security breaches are costing between £65,000 and £115,000 on average, compared to between £600,000 and £1.2m for large organisations.
Thankfully, the number of companies affected by such breaches is falling. Sixty per cent of small businesses reported a breach in the last year, down from 64 per cent the year before, according to the Information Security Breaches Survey 2014, commissioned by the Department for BIS. In large organisations, the number has fallen from 86 per cent a year ago to 81 per cent.
“These results show that British companies are still under cyber attack. Increasingly those that can manage cyber security risks have a clear competitive advantage,” says Universities and Science Minister David Willetts.
“Through the National Cyber Security Programme, the government is working with partners in business, academia and the education and skills sectors to equip the UK with the professional and technical skills we need for long-term economic growth.”
Seventy per cent of companies that have a poor understanding of security policy experienced staff-related breaches, compared to just 41 per cent in companies where security is well understood. This suggests that communicating the security risks to staff and investing in ongoing awareness training result in fewer breaches.
“While the number of breaches affecting UK business has fallen slightly over the past year, the number remains high and in many companies more needs to be done to drive true management of security risks,” adds Andrew Miller, cyber security director at PwC, which conducted the research for the Department for Business.
“As the average cost of an organisation’s worst breach has increased this year, businesses must make sure that the way they are spending their money in the control of cyber threats is effective. Organisations also need to develop the skills and capability to understand how the risk could impact their organisation and what strategic response is required.”