Cyber-crime costs UK firms an average of £4.1m a year - report

HP Enterprise Security report finds that there has been a 14 per cent increase in cyber-crime costs over the last year

Cyber-crime costs UK firms an eye-watering average of £4.1m a year, a study by HP Enterprise Security has found.

The Ponemon Institute conducted 326 interviews with personnel from 39 UK companies to assess the number of cyber-attacks and the costs as a result of the attacks. It was part of a wider study involving a total of 252 companies in seven countries.

The study found that the average cost of cyber-crime in the UK has steadily increased over the last three years. In fiscal year 2013, costs totalled $4.72m (£3.07m); this rose to $5.93m (£3.86m) in 2014, and this year the total again jumped to $6.32m (£4.12m). The average of the three years comes in at £3.68m, but HP states that £4.1m is the average annualised cost, which involves benchmarking the 39 organisations, with a range from £628,423 to £16m spent each year per company. Last year's average cost per benchmarked organisation was £3.6m, so there has been a 14 per cent increase in mean value.

The UK's 14 per cent increase was the same as the increase in Japan. The US (a 19 per cent increase) and Russia (a 29 per cent increase) saw the biggest jumps in cyber-crime costs, while Germany (eight per cent) had the lowest increase in total annual cost of the six countries that have taken part in the study for at least two years. Cyber-crime costs for organisations in Brazil, which took part in the survey for the first time this year, were $3.85m (£2.51m).

The UK National Security Council has identified cyber-attacks as a "tier one" risk to national security, alongside international terrorism and major international conflict.

But while the 39 companies surveyed had experienced some form of cyber-attack, HP said none were as devastating as that suffered by Carphone Warehouse; the retailer revealed in August that an astonishing 2.4 million customers' personal details may have been accessed in a cyber-attack, and up to 90,000 customers may have had their encrypted credit card details accessed.

The study also revealed the attacks which left companies most out-of-pocket. Denial-of-service (DDoS) attacks, malicious insiders and web-based attacks were the top three, and represented approximately 43 per cent of the total annualised cost of crime.

Meanwhile, the mean time to resolve a cyber-attack was 31 days, with an average cost of £11,545 per day. This represents a 19 per cent increase from last year's cost estimate of £9,996 per day.

Of course, the type of organisation plays a big part in the costs accrued. For example, small organisations incur a significantly higher per capita cost than large firms (£1,014 versus £232).
