February 10, 2016, updated 04 Sep 2016 10:24pm

£1.2m and a 13% drop in revenue – the cost of a data breach to UK businesses

News: The £1.2m figure does not include 'hidden costs' - so the figure could be much, much higher.

By Ellie Burns

It is widely accepted that a data breach or cyber attack is a ‘when’ not ‘if’ scenario for today’s businesses. However, new figures from NTT Com Security have highlighted just how important it is for businesses to secure and protect against data breaches.

According to NTT Com Security’s Risk:Value report, business decision makers expect a data breach to cost upwards of £1.2m in recovery costs.

According to those surveyed, the £1.2m figure does not include hidden costs like reputational damage and brand erosion, with the expected recovery time following a data breach lasting two months. Respondents also anticipated a 13% drop in revenue, on average, following a breach.

The hidden costs of a data breach ranged from legal fees to executive changes. The vast majority of respondents in the UK admitted that they would suffer both externally and internally if data was stolen, including loss of customer confidence (66%) and damage to reputation (57%), as well as direct financial loss (41%). Over a third of decision makers (34%) expect to resign or expect another senior colleague to resign as a result of a breach.

Whether a senior exec resigns following a data breach rests on who the business thinks is responsible. When it comes to responsibility for managing the company’s recovery plan, 15% say the CEO now has responsibility, although it still largely falls to the Chief Risk Officer (CRO), Chief Information Officer (CIO) or Chief Security Officer (CSO).

The survey also highlighted that the ‘when not if’ approach is disputed by some organisations, with a third disagreeing that their organisation will suffer a data breach at some point.

There was further conflict found in the survey findings when respondents were asked about the role of security in their organisation. A fifth of those surveyed admit that poor information security is the ‘single greatest risk’ to the business, despite nearly half (48%) stating that information security is ‘vital’ to their organisation.


Despite the aforementioned conflict in the survey findings, the survey did reveal that companies are taking proactive steps in fighting the threat of data breaches. 41% of UK organisations have a disaster recovery plan in place, and 40% have a formal security policy in place.

However, when it comes to insurance, UK businesses are lagging behind. While 77% agree it is ‘vital’ their business is insured for security breaches, only 26% have dedicated cyber security insurance, although 38% are in the process of getting a policy. One in five respondents in the UK say they do not know if their organisation has any type of insurance to cover the financial impact of data loss or an information security breach.

Stuart Reed, Senior Director, Global Product Marketing, NTT Com Security, said: "It’s encouraging to see that almost all UK businesses now have a disaster recovery and formal information security policy in place, or are planning to implement one soon."

"Clear, concise internal processes and policies for employees and contractors have so often been overlooked and this is what can lead to complacency and poor security hygiene. When we talk to clients, we make it clear that educating staff about security should be a top priority, supported by clear, simple procedures and backed up by a solid incident response plan."
