21 Mar 2011
An average data breach incident cost UK organisations £1.9m in 2010, a 13 per cent increase on 2009 figures, according to an annual report from security firm Symantec.
The report, entitled UK Cost of a Data Breach, says the cost of a breach varied from £36,000 to £6.2m, and the most expensive single incident in 2010 cost £2.3m more than its 2009 counterpart.
37 per cent of all data breaches this year were the result of a system failure, up 9 per cent on the previous year's results. It has now overtaken negligence, which dropped 11 percentage points to 34 per cent.
"At a time when businesses in the UK remain economically cautious, protection of IP to remain competitive and avoidance of potentially large fines are key," said Robert Mol, director of product marketing at Symantec.
"With the average cost of a data breach for UK organisations rising to £1.9m, securing information clearly continues to challenge organisations at all levels, but the vast majority of these breaches are preventable," he added.
However, organisations have boosted their awareness of mobile device encryption over the last year, with 64 per cent stating that this was important or very important, an increase of 13 points on the previous year.
Lost business ranked as the biggest contributor to overall data breach costs, and other costs relate to account-resetting and the lessened impact of data detection.
Research by IT services company Dimension Data found that one in 10 large UK businesses has experienced a data leak, and 91 per cent of these suffered reputational damage as a result.
Dimension Data also found that 27 per cent of businesses lost their competitive edge as a result of these leaks.
Additionally, the research shows there are still major barriers to the adoption of data loss prevention policies.
Many respondents cited the fact that IT spending continues to take precedence, and that there is still a lack of board level willingness to invest.
"With the ICO's increased powers as of April last year, combined with the scale and immediacy of the web and social media, businesses that leak customer data are more likely than ever to suffer from a tarnished reputation through public exposure," said Chris Jenkins, Security Line of Business Manager at Dimension Data.
"Despite this, however, some organisations take a reactive approach, assuming, or hoping, it will never happen to them," he added.
Once again, UK data breach costs are rising, to an average of £71 per record. Data breaches can create catastrophic bad press and can have a painful impact on the bottom line. Coupled with the new powers of the Information Commissioner’s Office to fine companies in the UK upwards of £500,000 for each instance of a data protection failing, the final overall cost of a breach or loss could very quickly dwarf the £1.9 million revealed by this. The fact that policy failures accounted for the biggest proportion, 37%, indicates that while companies are heavily investing in intrusion prevention, they are not properly managing access by their own employees to critical data such as customer information or patient records. Organisations need to better understand where their greatest sources of risk reside as well as who is accessing sensitive data, how and why. It is the organisation’s responsibility to stringently manage policy and track activity to make sure that access to the most sensitive data is only granted to those for whom it is necessary to do their jobs.
Posted by: Marc Lee, EMEA Sales Director, Courion 21 Mar 2011
The growth in the cost of a data breach represents the knock-on effect of increased mobile device use in the workplace, including removable storage, as well as an increasingly lax attitude to protecting not only removable storage devices but data in all its forms. Some 64 per cent of those surveyed by Ponemon acknowledged the risk post by mobile devices to data security, while 84 per cent said that insecure mobile devices were likely to have accessed corporate data in some form.
Fortunately, the Ponemon Institute report shows investment is increasing as companies look to correct such oversights before they become systemic. The value of such an investment is certainly attractive in comparison to the costs of a data breach.
Posted by: Tom Colvin, Chief Technology Officer, Conseal Security 21 Mar 2011
Have your say on this article
Newsletters
Latest stories from Privacy
Latest videos
You may also like
Privacy jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
