BreachExchange mailing list archives

UK Government Urges Action As Cost Of Cyber Security Breaches Doubles


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 2 Jun 2015 20:32:57 -0600

http://www.forbes.com/sites/dinamedland/2015/06/02/uk-government-urges-action-as-cost-of-cyber-security-breaches-doubles/

A staggering 90% of large businesses in the United Kingdom have reported
they have suffered an information security breach, alongside 74% of small
and medium-sized businesses. The average cost of the most severe online
security breaches for big business can now reach £3.14 million ($4.8
million). It starts at £1.46 million, up from £600,000 in 2014, according
to government research published today to raise awareness of the growing
cyber threat.

The average cost of security breaches for companies with more than 500
employees is between £1.46 million and £3.14 million, says the UK’s
Department of Business, Innovation and Skills (BIS). For small and
medium-sized businesses (SMEs), the average cost of the worst breach is
between £75,000 and £310,800. This is up from a worst case scenario on
costs for SMEs of cyber security breaches of just £115,000 in 2014.

Cyber security is a major cost to business, as well as its shareholders. If
costs keep rising like this, it will also surely be a major deterrent to
the growth of new businesses.

Launching the Information Security Breaches Survey 2015 at the Infosecurity
Europe event in London, UK Digital Economy Minister Ed Vaizey put a
positive slant on it. He said: “The UK’s digital economy is strong and
growing, which is why British businesses remain an attractive target for
cyber-attack and the cost is rising dramatically.”

“Businesses that take this threat seriously are not only protecting
themselves and their customers’ data but securing a competitive advantage,”
he added.

While cyber security is undeniably on the agenda for many UK boardrooms,
the reaction to information security risk to date has been largely
defensive. The challenge for UK industry remains to make the step change to
seeing cyber preparedness as ‘competitive advantage’ – and the government
is pulling out the stops to help.

A third of organizations are now using the UK government’s ‘Ten Steps to
Cyber Security’ guidance, up from a quarter in 2014, says BIS. It points
out that nearly half (49%) of all organizations have either achieved a
‘Cyber Essentials’ badge to protect themselves from common internet
threats, or they plan to get one in the next year. There is also a
substantial amount of free guidance available from government to help
businesses secure themselves against costly cyber security breaches.

But boardrooms are clearly still struggling to come to grips with the new
risk factors that come alongside technological innovation. The Financial
Times reported today that British financial institutions have been
investigated 585 times for data privacy breaches in the past 12 months —
almost triple the number of probes in the previous year.

This sharp increase, revealed – says the FT – by a freedom of information
request to the Information Commissioner’s Office, shows that consumers are
becoming more concerned about how financial services companies use their
data.

And consumers – both as shareholders and as stakeholders – will ultimately
be the mainstay of the survival of financial institutions as they struggle
to adapt to a plethora of change.

Another ‘human factor’ in cyber security should also not be overlooked. As
PwC – which was commissioned to conduct the survey for the UK government –
points out, “staff-related breaches feature notably in this year’s survey.
Three-quarters of large organisations suffered a staff-related breach and
nearly one-third of small organisations had a similar occurrence (up from
22% the previous year).”

The pressing need for action around cyber security should also – by
implication – make boardrooms focus on the importance of employee
engagement for the best corporate governance on the path to business
success.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
