Accessibility Links

UK businesses face £1.2m costs after data breaches

06 / 06 / 2016
UK businesses face £1.2m costs after data breachesThe risks associated with data breaches are well known to most corporate governance professionals, but calculating the direct and indirect costs of such an incident is often difficult. 

However, a new report from NTT Communications has isolated these expenses in more detail - and the results may offer unsettling reading for many companies.  

Organisations face the financial consequences of fines, penalties and lost business, as well as the harder-to-define reputational and customer confidence damage. Overall, a breach costs businesses £1.2 million on average. 

The 2016 Risk:Value report highlighted a number of other worrying trends that may encourage businesses to strengthen their cybersecurity measures in order to prevent forbidden access to their systems. 

Do decision-makers take breaches seriously?

Complacency appears to be one of the main cybersecurity issues affecting organisations in the UK. Less than half of the country's decision-makers said information security is 'vital', while only one-fifth said it's 'good practice'. 

This is despite 75 per cent saying their revenues would decrease following an incident, with the average reduction estimated at 13 per cent. Furthermore, nine per cent of respondents said they had no insurance coverage in the event of a breach. 

The recovery process is also a drawn-out affair for most British organisations. More than two-thirds (67 per cent) claimed they would take longer than a week to remedy a breach; in fact, the average timeframe was approximately two months. 

Understanding the internal and external effects

There are several negative outcomes that arise after a breach occurs. Some of these affect how the business is run internally, and others are external impacts that are outside the organisation's control. 

On the internal side, 47 per cent of decision-makers said employees would face disciplinary action, while 41 per cent feel staff would lose motivation. Over one-third implied heads might roll at the senior management level, and 45 per cent predicted higher workloads to ensure problems don't happen again. 

Meanwhile, 66 per cent believe loss of customer confidence would be the most likely external event. However, damage to reputation (57 per cent), financial penalties from regulators (50 per cent) and direct monetary losses (41 per cent) were also common outcomes. 

Plugging the skills gap

So what can businesses do to tackle cybersecurity challenges? An obvious answer is to recruit professionals who can improve how these threats are identified and managed within the organisation. 

Unfortunately, that may be easier said than done. Our statistics show 68 per cent of hiring managers are finding it difficult to employ security and resilience candidates with the right combination of technical and interpersonal skills. 

Stuart Reed, senior director of global product marketing at NTT Com Security, said cybersecurity has been a headline-grabbing topic recently, but firms still struggle to attract the best talent. 

"It has widely been acknowledged that there is an ongoing cybersecurity skills challenge, which makes recruiting and retaining skilled professionals increasingly difficult, and in part, might be attributed to weaker security for some organisations," he explained. 

Taking a proactive approach

Despite the difficulties companies face when securing experienced professionals for cybersecurity roles, doing nothing is a far riskier approach. Criminals are becoming increasingly sophisticated in their attacks, and businesses could find themselves incurring significant costs after a breach. 

Whether it's legal expenses, customer compensation, increased PR and communication rates or various other liabilities, the problems arising from an incident can be far ranging. 

This is why businesses should create a comprehensive cybersecurity strategy that is underpinned by a highly qualified team of professionals. If you'd like to learn more about how to strengthen your security and resilience headcount, please contact us today.

Our 2016 Market Report combines our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.

Image: NicoElNino via iStock.ADNFCR-1684-ID-801819788-ADNFCR