UK firms see data breach as inevitable

Feb 10, 2016

Report reveals more than half of all firms expect an attack

More than half of UK businesses believe that their organisation will suffer a cyber security breach at some point. They also anticipate that recovering from a data breach would cost upwards of £1.2m – the highest figure globally.

That’s according to a new Risk:Value report from NTT Com Security, which surveyed business decision makers in the UK, as well as the US, Germany, France, Sweden, Norway and Switzerland.

More than half (57 percent) of respondents say their organisation will suffer a data breach at some point. They estimate that a breach would cost them £1.2m, even before ‘hidden costs’ like reputational damage and brand erosion are taken into consideration, and take on average two months to recover from. They also anticipate a 13 percent drop in revenue, on average, following a breach.

However, the survey also reports that around a quarter (23 percent) of UK businesses spend more on human resources (HR) than on information security.

Even so, Stuart Reed, senior director, global product marketing at NTT Com Security, believes there’s been a shift in attitudes towards the impact of security breaches “given the year we have just had.”

He explains: “We’ve seen several major brands reeling from the effects of serious data breaches, and struggling to manage the potential damage, not only to their customers’ data, but also to their reputation. While the majority of people we spoke to expect to suffer a cyber security breach at some point, most fully expect to pay for it as well – whether that’s in terms of third party and other remediation costs, customer confidence, lost business or even possibly their jobs.”

When it comes to responsibility for managing the company’s recovery plan, 15 percent say the CEO now has responsibility, although it still largely falls to the Chief Risk Officer (CRO), Chief Information Officer (CIO) or Chief Security Officer (CSO).

One in five respondents in the UK say they do not know if their organisation has any type of insurance to cover the financial impact of data loss or an information security breach.
