Report: Data breach cost increases by 13 per cent to £1.9m

Symantec research indicates that the most expensive incident cost £2.3m more than in 2009

An average data breach incident cost UK organisations £1.9m in 2010, a 13 per cent increase on 2009 figures, according to an annual report from security firm Symantec.

The report, entitled UK Cost of a Data Breach, says the cost of a breach varied from £36,000 to £6.2m, and the most expensive single incident in 2010 cost £2.3m more than its 2009 counterpart.

37 per cent of all data breaches this year were the result of a system failure, up 9 per cent on the previous year's results. It has now overtaken negligence, which dropped 11 percentage points to 34 per cent.

"At a time when businesses in the UK remain economically cautious, protection of IP to remain competitive and avoidance of potentially large fines are key," said Robert Mol, director of product marketing at Symantec.

"With the average cost of a data breach for UK organisations rising to £1.9m, securing information clearly continues to challenge organisations at all levels, but the vast majority of these breaches are preventable," he added.

However, organisations have boosted their awareness of mobile device encryption over the last year, with 64 per cent stating that this was important or very important, an increase of 13 points on the previous year.

Lost business ranked as the biggest contributor to overall data breach costs, and other costs relate to account-resetting and the lessened impact of data detection.

Research by IT services company Dimension Data found that one in 10 large UK businesses has experienced a data leak, and 91 per cent of these suffered reputational damage as a result.

Dimension Data also found that 27 per cent of businesses lost their competitive edge as a result of these leaks.

Additionally, the research shows there are still major barriers to the adoption of data loss prevention policies.

Many respondents cited the fact that IT spending continues to take precedence, and that there is still a lack of board level willingness to invest.

"With the ICO's increased powers as of April last year, combined with the scale and immediacy of the web and social media, businesses that leak customer data are more likely than ever to suffer from a tarnished reputation through public exposure," said Chris Jenkins, Security Line of Business Manager at Dimension Data.

"Despite this, however, some organisations take a reactive approach, assuming, or hoping, it will never happen to them," he added.