Some 82% of UK companies suffered an information security breach last year, and the damage inflicted by the worst breaches has more than doubled.
The average cost of the most severe online security breaches for big business now start at Â£1.46 million, up from Â£600,000 in 2014, according to The Information Security Breaches Survey, an annual report by the British Department of Business (BIS) and big four accountancy firm PwC.
The average cost of the worst breach suffered by each organization surveyed has gone up sharply for all sizes of business. For companies employing over 500 people, the starting point for breach costs â€“ which includes elements such as business disruption, lost sales, recovery of assets, and fines & compensation â€“ is now Â£1.46 million, while the higher-end of the average range also more than doubled to Â£3.14 million (from Â£1.15 in 2014). For small and medium-sized business, the average cost of the most severe breach is now between Â£75,000 and Â£310,800 for small and medium sized business, up from Â£65,000 – Â£115,000 a year ago.
The survey shows that 90% of large organizations suffered an information security breach, while 74% of small and medium-sized businesses reported the same. Some 59% of respondents expect there will be more security incidents in the next year than last.
Attacks from outsiders have become a greater threat for both small and large businesses. Organizations of all sizes continue to suffer external attacks, but a slow change in the character of these attacks is apparent. Large and small organizations are apparently targeted more by outsiders, with malicious software impacting nearly three-quarters of large organizations and three-fifths of small organizations. Small organizations suffering from malicious software rose 36% over last yearâ€™s figures.
75% of large businesses and 30% of small business suffered staff-related breaches, up from 58%, and respectively, 22% the previous year.
â€œWith 9 out of 10 respondents reporting a cyber breach in the past year, every organization needs to be considering how they defend and deal with the cyber threats they face,â€ says Andrew Miller, Cyber Security Director at PwC. â€œBreaches are becoming increasingly sophisticated, often involving internal staff to amplify their effect, and the impacts we are seeing are increasingly long-lasting and costly to deal with.â€
The Information Security Breaches Survey 2015 shows the rising costs of malicious software attacks and staff-related. More firms are taking action to tackle the cyber threat, with a third of organizations now using the governmentâ€™sÂ â€˜Ten Steps to Cyber Securityâ€™ guidance, up from a quarter in 2014.