Cyberattack Cost ‘More than Doubles in a Year’

A UK government report suggests that the cost to businesses of hacking attacks and security breaches has more than doubled in the past year.

The average ‘starting costs’ for a major security breach at large organisations has risen to an average £1.46m (US$2.24m/€1.99m), up from £600,000 last year, while for smaller firms the cost is typically £310,000 against £115,000 in 2014. The figures is made up of the cost to cover business disruption, lost sales, recovery of assets, fines and compensation.

The attacks are becoming so severe that just over one in 10 UK companies that suffered a security breach said they had changed the nature of their business as a result.

The UK government-commissioned information security breaches survey from consultancy firm PwC also found that 90% of large organisations suffered a cyberattack over the year, a rise of nine percentage points. For small businesses the figure was 74%, up from 60% a year ago.

Speaking as the report was launched, Ed Vaizey, digital economy minister, said: “The UK’s digital economy is strong and growing, which is why British businesses remain an attractive target for cyberattack and the cost is rising dramatically.

“Businesses that take this threat seriously are not only protecting themselves and their customers’ data but securing a competitive advantage.”

The report also revealed that while security on traditional computer systems is being addressed, the growing dependence on smartphones and tablets could leave companies open to attack. The number of companies reporting security breaches via mobile devices more than doubled from 7% in 2014 to 15%.

Human error is another growing area of vulnerability, according to the report. The proportion of large organisations suffering a staff-related breach rose to 75%, against just under 60% a year ago. Asked about their worst single breach, organsiations attributed half to inadvertent human error.

Andrew Miller, cyber security director at PwC, said: “Breaches are becoming increasingly sophisticated, often involving internal staff to amplify their effect, and the impacts we are seeing are increasingly long-lasting and costly to deal with.”

How businesses are being attacked is also changing: 69% of large UK organisations said they were attacked by an unauthorised outsider, up from 55% a year ago.


Related reading