The average cost of the most severe online security breaches for big business now starts at £1.46 million – up from £600,000 in 2014, according to government research published today (2 June 2015) to raise awareness of the growing cyber threat.
The Information Security Breaches Survey 2015, published by Digital Economy Minister Ed Vaizey and launched at the Infosecurity Europe event, shows the rising costs of malicious software attacks and staff-related breaches and illustrates the need for companies to take action.
For small and medium sized businesses (SMEs), the most severe breaches cost can now reach as high as £310,800, up from £115,000 in 2014,
However, more firms are taking action to tackle the cyber threat, with a third of organisations now using the government’s ‘Ten Steps to Cyber Security’ guidance, up from a quarter in 2014. And nearly half (49%) of all organisations have achieved a ‘Cyber Essentials’ badge to protect themselves from common internet threats, or plan to get one in the next year.
The survey shows:
- 90% of large organisations reported they had suffered an information security breach, while 74% of small and medium-sized businesses reported the same
- for companies with more than 500 employees the average cost of the most severe breach is now between £1.46 million and £3.14 million
- for small and medium sized business the average cost of the worst breach is between £75,000 and £310,800
- attacks from outsiders have become a greater threat for both small and large businesses
- 75% of large businesses and 30% of small business suffered staff-related breaches
Digital Economy Minister Ed Vaizey said:
The UK’s digital economy is strong and growing, which is why British businesses remain an attractive target for cyber-attack and the cost is rising dramatically. Businesses that take this threat seriously are not only protecting themselves and their customers’ data but securing a competitive advantage.
I would urge businesses of all sizes to make use of the help and guidance available from government and take up the Cyber Essentials Scheme.
There is a raft of free guidance available from government to help businesses secure themselves against costly cyber security breaches. Cyber Essentials is a government-backed and industry-supported scheme to protect businesses of all sizes against the common threats found on the internet.
Andrew Miller, Cyber Security Director at PwC, said:
With 9 out of 10 respondents reporting a cyber breach in the past year, every organisation needs to be considering how they defend and deal with the cyber threats they face. Breaches are becoming increasingly sophisticated, often involving internal staff to amplify their effect, and the impacts we are seeing are increasingly long-lasting and costly to deal with.
SC Magazine UK, the information resource for cyber security professionals in the UK and Europe, will also announce the government’s Cyber Essentials scheme has won the ‘Editor’s Choice Award’ at the SC Europe Awards at Grosvenor House in London on Tuesday (2 June 2015) evening.
Tony Morbin, SC Magazine Editor-in-Chief, said:
Companies implementing Cyber Essentials can thwart the majority of current cyber attacks, making the programme potentially the biggest single contribution to cutting cyber crime. It is most certainly a worthy winner, as are all the partners across government and industry who have worked together to design, manage and deliver the programme.
Notes to editors
- The Information Security Breaches Survey is carried out annually by the government and PwC.
- The government has produced a range of cyber security guidance and support for businesses, including:
* Cyber Essentials - a new government-backed and industry supported scheme to help businesses protect themselves against cyber threats. The scheme provides businesses of all sizes with clear information on good basic cyber security practice to protect against the most common cyber threats.
* 10 Steps to Cyber Security - the ‘10 Steps to Cyber Security’ guidance for large businesses looks at how to safeguard a company’s most valuable assets, such as personal data, online services and intellectual property. The guide explains how cyber security is a strategic business risk which needs to be managed at board level.
* Small Businesses: What You Need To Know About Cyber Security - practical guidance for small businesses on how to put simple cyber security measures in place. It explains the cyber threat and how small businesses can ensure they are protected. By taking the advice in this guidance, small businesses can protect their assets, customers and their peace of mind.
* free online information security training course for SMEs: ‘Responsible for Information’ - is a free e-learning course for staff in micro, small and medium-sized enterprises. It helps employees and business owners understand information security and associated risks, and provides good practice examples and an introduction to protection against fraud and cyber crime.
* Cyber Security Innovation Vouchers - Innovation Vouchers provide £5,000 for SMEs to engage external experts to gain new knowledge to help the business innovate, develop and grow. Firms can use the vouchers for advice towards protecting and growing their business by having good cyber security. A specific cyber security Innovation Voucher is under discussion.
* the government also delivers the Cyber Streetwise campaign which offers simple, easy to understand advice to help small businesses and consumers protect themselves online; and the Cyber Security Information Sharing Partnership (CISP) which enables industry and government to share cyber threat and vulnerability information.
- The UK cyber security sector is strong and growing. It employs over 40,000 people and is worth over £6 billion. Cyber security exports grew by 22% last year. The government is supporting the UK cyber security sector through the joint industry, government and academia Cyber Growth Partnership, and through the National Cyber Security Programme.
- The government is supporting a ‘UK Cyber Innovation Zone’ at the Infosecurity Europe event which showcases 11 innovative small UK cyber security firms. The 11 firms were selected by a panel of government and industry experts from a list of 40 after completing an application process. Four firms – GeoLang, Pure Lifi, Pervade Software and Zone Fox – have been shortlisted to take part in a pitch at the event which will select the most innovative small UK cyber security company. The winner will be announced at the event shortly after the pitching session on the afternoon of Thursday 4 June 2015.
- The publication of the information security breaches survey follows GCHQ’s announcement of the new CESG Certified Cyber Security Consultancy scheme for government and industry.