UK businesses hit by a cyber-attack are being hit with double the financial pain compared to a year ago, a new survey has found.
Despite the number of reported attacks falling, the average cost of a breach has risen to between £65,000 and £115,000 for small business and £600,000 and £1.15m for large organisations, as the severity and impact of attacks increased throughout 2013.
This marked the third consecutive year in which the cost of data breaches has risen, and highlights the need for businesses to shore up their cyber defences in the face of increasing threats.
The findings were found in the Information Security Breaches Survey 2014, commissioned by the Department for Business, Innovation and Skills (BIS) and carried out by PwC. The survey also found that 81% of large organisations (those with over 250 employees) and 60% of small businesses (those with less than 50 employees) had suffered a security breach in 2013.
This was down from 86% a year ago for the former, and 64% for the latter.
Speaking today at the InfoSecurity Europe event in London, the government’s Universities and Science Minister, David Willetts MP, warned UK businesses that, despite the majority of businesses increasing IT security investment over the previous year, the threats they face remain real.
"These results show that British companies are still under cyber attack," he said. "Increasingly those that can manage cyber security risks have a clear competitive advantage.
"Through the National Cyber Security Programme, the government is working with partners in business, academia and the education and skills sectors to equip the UK with the professional and technical skills we need for long-term economic growth."
The effects of the National Cyber Security Programme, founded last year, are already being felt in businesses, the survey suggests, as the number of businesses confident they have the skills required within their organisations to detect, prevent and manage security breaches increased to 59%, up 6% on last year.
"Breaches are becoming more sophisticated and their impact more damaging," said Andrew Miller, cyber security director at PwC. "Given the dynamic nature of the risk, boards need to be reviewing threats and vulnerabilities on a regular basis. As the average cost of an organisation’s worst breach has increased this year, businesses must make sure that the way they are spending their money in the control of cyber threats is effective."
"Organisations also need to develop the skills and capability to understand how the risk could impact their organisation and what strategic response is required."
