The Information Security Breaches Survey, commissioned by the Department for Business, Innovation and Skills, revealed that 93 per cent of large organisation and 87 per cent of small businesses, up 10 per cent year-on-year, had experienced a security breach in the last 12 months.
Small organisations are facing an average cost of the worst security breach of between £35,000 and £65,000 while larger businesses have to bear the brunt of between £450,000 and £850,000. The report claims several attacks caused more than £1 million of damage.
Around a quarter of the worst security breaches of the year led to lost business – and in some cases the cost of lost business was significant. The average cost was £300-£600 for small businesses and £10,000-£15,000 for large organisations.
In addition, a third of the worst security breaches resulted in a financial loss as a result of lost assets – both physical assets and intellectual property. This averaged at £150-£350 for small companies and £30,000-£40,000 for large businesses.
A very small numbers of respondents’ incurred losses due to compensation payments and regulatory fines. Finally, estimated reputational damage stood at £1,500-£8,000 for small businesses and £25,000-£115,000 for large organisations,
The report stated: “Based on the number of breaches and the cost of the worst breaches, we estimate that the total cost of breaches has roughly tripled from the 2012 levels, and now exceeds the previous 2010 peak. Our best estimate of the total cost to UK plc is in the order of billion pounds per annum.”
Those affected by cyber-attacks were found to have experienced 50 per cent more attacks than a year ago, with the average number of breaches at 113 for a large organisation and 17 for a small business.
Outside attacks were found to account for by far the most security breaches in large businesses, with the average large operation facing an attack every few days. Some 78 per cent were attacked by an unauthorised outsider and 39 per cent hit by denial-of-service attacks in the last year, while the figures stood at 63 per cent and 23 per cent for small businesses.
It found 14 per cent of large businesses knew that intellectual property or confidential data was stolen by outsiders, and for smaller firms it was 9 per cent.
The research showed 81 per cent of respondents reported that senior management, while classing cyber-attacks as a high priority, had failed to put in place effective security.
The report read: “The survey results show that companies are struggling to keep up with security threats, and so ﬁnd it hard to take the right actions.
“The right tone from the top is vital – where senior management are briefed frequently on the potential security risks, security defences tend to be stronger.”
Universities and Science Minister David Willetts said: “Keeping electronic information safe and secure is vital to a business’s bottom line.
“Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack.”