Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Cost of UK data breaches rises to £2 million per incident, study finds

Or £86 cost per record, says Symantec investigation

Article comments

The costs faced by UK organisations that suffer data breaches continued rising in 2012 and now exceed £2 million ($3 million) per incident, a study of real-world incidents has found.

Symantec’s 2013 Cost of Data Breach Study (carried out by the Ponemon Institute) found that the average cost per compromised record has reached £86, up from £79 in 2011 and sharply up on the £47 recorded by the firm in 2007, the first year it looked into the issue.

This means that the average incident now costs £2.04 million each, up from £1.75 million a year earlier. The 38 reported incidents included in the study ranged in size from 3,500 records breached to just over 70,000 records, with the average incident size being 23,000.

The costs measured included obvious aspects such as detection, notification, and after-support, but also lower subsequent turnover and customer churn. In 2012, £43 of the total £86 per compromised record was related to the latter, indirect costs.

The figures weren’t guesstimates but were based on interviews with 300 individuals at the affected organisations, Symantec emphasised.

Breaking down the numbers further, some interesting patterns emerge.

Some industries have higher breach costs than others, with financial services near the top of the cost-per-record graph at £119 per record and media and industry on the lowest run with around £53 per record.

The public sector cost was nearer the bottom than the top with an average charge of £69 per record.

This is what one might expect; the value and monetary consequences of a compromised financial services customer record is clearly different than that of a media company not least because the latter sectors suffer lower customer churn as a result.

The top cause of data breaches was negligence, which accounted for 37 percent of cases, ahead of system glitches (technical errors) on 29 percent and the most serious category of all, criminal activity, on 34 percent.

The issue of criminal involvement is worth commenting on because it skews all costs. The average cost per record of negligence and human error was £76 against the £102 associated with a malevolent attack.

“With more than a third of UK data breaches involving negligent employees or contractors the human factor is still the weakest link, and so training and awareness should be a priority from the offset,” said Symantec’s product and solutions manager, Mike Smart.

“But here in the UK it seems that malicious attacks are becoming nearly as big a problem. Not only have more data breaches been down to malicious attacks, but when it does happen, it’s far more costly.”

Encouragingly, having an incident response plan in place to cope with breaches affected the final reckoning, reducing the cost per record by an average of £13.

Other positive influences included having a CISO in place (- £9), quick notification (-£2) and having a strong security posture (- £13).

Conversely, negatives that acted to increase costs included that the incident was caused by a third party such as a partner (which added £17 per record) and that the records were breached from a laptop or storage device (+ £10).

A common response to a breach incident was a greater use of technologies such as encryption, chosen by 38 percent of affected organisatons.

A factor this real-world analysis didn't look at was the effect of the time it takes for breaches to be discovered. A recent report by Trustwave found that the average discovery time in 450 breaches it studied was 210 days.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *