The average cost of a UK data breach stands at more than £2.5 million
The average cost of a data breach for global businesses has risen by almost a third since 2013, according to a new study.
IBM and Ponemon found that the average cost of an attack stood at $4 million (around £2.8 million at the time of the study’s release). This represented a rise of 29% since 2013.
Looking at the UK specifically, the study found that the average data breach cost businesses £2.53 million. This represented a slight increase from the £2.37 million reported in 2015. The average cost of each record stolen did decrease slightly however, from £104 to £102.
In terms of the straight financial cost, smaller businesses tend to face smaller bills but these could have a higher proportional impact. The third annual data breach preparedness study from Experian, released earlier in the year, found that SMEs estimated the average cost of a data breach to be £179,990. According to government figures, the true cost is closer to £310,000, a difference of more than £130,000. This could easily be enough to tip some companies requiring insolvency or recovery methods, especially if they are unable to recover from the reputational damage that an attack can bring.
The IBM and Ponemon survey found that cyber-attacks have continued to rise at an alarming rate. There was a 64% rise in cyber-security incidents in 2015 compared to the previous year and attacks were also becoming increasingly sophisticated. Both factors contributed to the rising cost of breaches.
One way to reduce these costs is to react quicker to potential breaches. The study found that the estimated average time before a breach was even identified stood at 201 days. After identification it took a further 70 days to contain the breach.
The study found that having a dedicated incident response team in place saved global companies an average of $400,000. This was the biggest single factor in reducing the costs of a data breach but only around 30% of US security executives said they had an incident response plan in place. Smaller firms can also struggle with the costs of implementing such methods.
By Phil Smith