
New report looks at ‘Security breaches – what’s the real cost to your business?’

Most UK business decision makers admit that their organization will suffer from a cyber security breach at some point. They also anticipate that recovering from a data breach would cost their organization upwards of £1.2 million on average, the highest figure globally. This is according to a new Risk:Value report from global information security and risk management company NTT Com Security, which surveyed business decision makers in the UK, as well as the US, Germany, France, Sweden, Norway and Switzerland.

While nearly half (48 percent) of UK business decision makers say information security is ‘vital’ to their organization and just half agree it is ‘good practice’, a fifth admit that poor information security is the ‘single greatest risk’ to the business, ahead of ‘decreasing profits’ (12 percent), ‘competitors taking market share’ (11 percent) and on a par with ‘lack of employee skills’ (21 percent).

Well over half (57 percent) agree that their organization will suffer a data breach at some point, while a third disagree and one in ten say they do not know. Respondents estimate that a breach would cost them £1.2m, even before ‘hidden costs’ like reputational damage and brand erosion are taken into consideration, and take on average two months to recover from. They also anticipate a 13 percent drop in revenue, on average, following a breach.

In terms of remediation costs following a security breach, nearly a fifth (18 percent) of a company’s costs would be spent on legal fees, 18 percent on fines or compliance costs, 17 percent on compensation to customers, and 11 percent for third party remediation resources. Other anticipated costs include PR and communications (14 percent) and compensation paid to suppliers (12 percent) and to employees (11 percent).

According to the report, the vast majority of respondents in the UK admit they would suffer both externally and internally if data was stolen, including loss of customer confidence (66 percent) and damage to reputation (57 percent), as well as direct financial loss (41 percent). Over a third of decision makers (34 percent) expect to resign or expect another senior colleague to resign as a result of a breach.

Other key points include:

  • 41 percent of UK organizations have a disaster recovery plan in place, and 40 percent have a formal security policy in place. In both cases, almost half are in the process of implementing or designing one.
  • When it comes to responsibility for managing the company’s recovery plan, 15 percent say the CEO now has responsibility, although it still largely falls to the chief risk officer (CRO), chief information officer (CIO) or chief security officer (CSO).
  • While 77 percent agree it is ‘vital’ their business is insured for security breaches, only 26 percent have dedicated cyber security insurance. However, 38 percent are in the process of getting a policy.
  • One in five respondents in the UK say they do not know if their organization has any type of insurance to cover for the financial impact of data loss or an information security breach.

The Risk:Value Executive Summary report can be downloaded here.

Research demographics

Commissioned by NTT Com Security, the research was conducted by Vanson Bourne during October and November 2015. 1,000 business decision makers (not in IT) were surveyed in the US, UK and Germany (200 in each), and France, Sweden, Norway and Switzerland (100 in each). Organizations had more than 500 employees, but those in Norway, Sweden and Switzerland could come from organizations with at least 250 employees.

