Data breach cost hits £1.9 million
By Tom Brewster,
The cost of the average data breach in the UK jumped in 2010 as businesses were hit hard by cyber criminals, according to a report.
The average data breach cost UK organisations £1.9 million in 2010, up 13 per cent from 2009 and 18 per cent from 2008, the Symantec and Ponemon Institute data showed.
Malicious or criminal attacks were behind 29 per cent of all data breaches, rising from 22 per cent in 2009.
In 2010, the most expensive incident cost the affected firm £6.2 million, compared to the £3.9 million expense hitting the most unfortunate business in the previous year.
Robert Mol, director of product marketing in the EMEA region for Symantec, said he thought the increased cost of data breaches was largely down to the highly sophisticated attacks used by cyber criminals.
“The fact that organised crime is now adopting a very sophisticated methodology to penetrate systems and look for confidential information that they can sell for an economic benefit is really influencing the cost of the breach,” Mol told IT PRO.
“It means businesses will have to start implementing several layers of protection rather than looking at the perimeter of the company.”
As for how Symantec determined the cost of an average breach, a variety of factors were taken into consideration, including loss of business, the recovery process and expense outlays for detection technologies.
The findings were based on actual data breach experiences of 38 UK companies from 13 different industries.
System failure and mobile threats
The report also showed system failure overtook the insider as the most common threat. The latter has often been seen as the biggest danger to the corporate network.
Almost two fifths of all breaches involved a system failure in 2010, including flaws and faults in applications, representing a seven per cent increase.
Meanwhile, firms were increasingly concerned about the mobile threat, as smartphones and tablets, like the iPad, became more prevalent inside businesses.
Nearly two thirds said they recognised the risk of insecure mobile devices connecting to company networks - up 13 per cent.
This was despite the fact that mobile threats were significantly smaller in number than attacks facing PCs.
“It’s important because the likelihood of those insecure mobile devices accessing company data is about 84 per cent,” Mol added.
“There is a definite need to pay attention to it because the adoption rates of mobile are really outpacing the PC world.”
The report comes just days after security firm RSA was hit by a breach as SecurID data went missing.
Concerns were raised the security arm of EMC could face a costly and lengthy recovery process, especially if a significant number of SecurID tokens needed to be replaced.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Organisations need to better understand the source of risk
Once again, UK data breach costs are rising, to an average of £71 per record. Data breaches can create catastrophic bad press and can have a painful impact on the bottom line. Coupled with the new powers of the Information Commissioner’s Office to fine companies in the UK upwards of £500,000 for each instance of a data protection failing, the final overall cost of a breach or loss could very quickly dwarf the £1.9 million revealed by this. The fact that policy failures accounted for the biggest proportion, 37%, indicates that while companies are heavily investing in intrusion prevention, they are not properly managing access by their own employees to critical data such as customer information or patient records. Organisations need to better understand where their greatest sources of risk reside as well as who is accessing sensitive data, how and why. It is the organisation’s responsibility to stringently manage policy and track activity to make sure that access to the most sensitive data is only granted to those for whom it is necessary to do their jobs.
Marc Lee, EMEA Sales Director, Courion
By Ip_courion3a5e03 on Monday Mar 21
Data breaches have a real cost to organisations
The latest data from the Ponemon Institute serves as a stark reminder of the costs of lax data security to UK businesses.
Failure to clamp down on data security has real and painful consequences for any organisation, putting jobs at risk, generating lasting bad press and eroding what are already fragile revenues in the current economic climate.
Worryingly, the significant figure of £1.9 million average cost per incident, or £71 per compromised record, does not account for the ability of the Information Commissioner’s Office to fine companies in the UK up to £500,000 for each instance of a data protection failing is taken into account.
The growth in the cost of a data breach represents the knock-on effect of increased mobile device use in the workplace, including removable storage, as well as an increasingly lax attitude to protecting not only removable storage devices but data in all its forms. Some 64 per cent of those surveyed by Ponemon acknowledged the risk post by mobile devices to data security, while 84 per cent said that insecure mobile devices were likely to have accessed corporate data in some form.
Fortunately, the Ponemon Institute report shows investment is increasing as companies look to correct such oversights before they become systemic. The value of such an investment is certainly attractive in comparison to the costs of a data breach.
Tom Colvin, Chief Technology Officer, Conseal Security
By Conseal_Security on Monday Mar 21