By Debbie Evans, Legal & Commercial Director
Ed Vaizey MP recently highlighted that “the average cost of the most severe online security breaches for big business now starts at £1.46 million,” over twice last year’s cost, which averaged £600k.
The HM Government-commissioned ‘Information Security Breaches Survey 2015’, conducted by PwC, details the rising costs of malicious software attacks and staff-related breaches and illustrates the need for companies to take action.
The survey asked organisations throughout the UK about:
- Worst breaches of Information Security
- Emerging trends with respect to the use of technology
- Up and coming trends in Information Security.
Survey highlights include:
- 90% of large organisations reported they had suffered an information security breach, while 74% of small and medium-sized businesses reported the same
- for companies with more than 500 employees the average cost of the most severe breach is now between £1.46m and £3.14m
- for small and medium-sized businesses the average cost of the worst breach is between £75,000 and £310,800
- 75% of large businesses and 30% of small businesses suffered staff-related breaches.
Andrew Miller, Cyber Security Director at PwC, said:
“With 9 out of 10 respondents reporting a cyber-breach in the past year, every organisation needs to be considering how they defend and deal with the cyber threats they face. Breaches are becoming increasingly sophisticated, often involving internal staff to amplify their effect, and the impacts we are seeing are increasingly long-lasting and costly to deal with.”
Key observations from the 2015 survey were:
- The number of security breaches has increased, and the scale and cost have nearly doubled. 11% of respondents changed the nature of their business as a result of their worst breach.
- Not as many organisations increased their spending in information security, and fewer organisations than in previous years expect to spend more in the future.
- Nearly 9 out of 10 large organisations surveyed now suffer some form of security breach – suggesting that these incidents are now a near certainty. Businesses should ensure they are managing the risk accordingly.
- Despite the increase in staff awareness training, people are as likely to cause a breach as viruses and other types of malicious software.
- When looking at drivers for information security expenditure, ‘Protecting customer information’ and ‘Protecting the organisation’s reputation’ account for over half of the responses.
- The trend in outsourcing certain security functions and the use of ‘Cloud computing and storage’ continue to rise.