News: The £1.2m figure does not include ‘hidden costs’ – so the figure could be much, much higher.
It is widely accepted that a data breach or cyber attack is a ‘when’ not ‘if’ scenario for today’s businesses. However, new figures from NTT Com Security have highlighted just how important it is for businesses to secure and protect against data breaches.
According to NTT Com Security’s Risk:Value report, business decision makers expect a data breach to cost upwards of £1.2m in recovery costs.
According to those surveyed, the £1.2m figure does not include hidden costs like reputational damage and brand erosion, and recovery following a data breach is expected to take two months. Respondents also anticipated a 13% drop in revenue, on average, following a breach.
The hidden costs of a data breach ranged from legal fees to executive changes. The vast majority of respondents in the UK admitted that they would suffer both externally and internally if data was stolen, including loss of customer confidence (66%) and damage to reputation (57%), as well as direct financial loss (41%). Over a third of decision makers (34%) expect to resign or expect another senior colleague to resign as a result of a breach.
Whether a senior exec resigns following a data breach rests on who the business thinks is responsible. When it comes to responsibility for managing the company’s recovery plan, 15% say the CEO now has responsibility, although it still largely falls to the Chief Risk Officer (CRO), Chief Information Officer (CIO) or Chief Security Officer (CSO).
The survey also highlighted that the ‘when not if’ approach is disputed by some organisations, with a third disagreeing that their organisation will suffer a data breach at some point.
There was further conflict found in the survey findings when respondents were asked about the role of security in their organisation. A fifth of those surveyed admit that poor information security is the ‘single greatest risk’ to the business, despite nearly half (48%) stating that information security is ‘vital’ to their organisation.
Despite the aforementioned conflict in the survey findings, the survey did reveal that companies are taking proactive steps in fighting the threat of data breaches. 41% of UK organisations have a disaster recovery plan in place, and 40% have a formal security policy in place.
However, when it comes to insurance, UK businesses are lagging behind. While 77% agree it is ‘vital’ their business is insured for security breaches, only 26% have dedicated cyber security insurance, though 38% are in the process of getting a policy. One in five respondents in the UK say they do not know if their organisation has any type of insurance to cover for the financial impact of data loss or an information security breach.
Stuart Reed, Senior Director, Global Product Marketing, NTT Com Security, said: "It’s encouraging to see that almost all UK businesses now have a disaster recovery and formal information security policy in place, or are planning to implement one soon.
"Clear, concise internal processes and policies for employees and contractors have so often been overlooked and this is what can lead to complacency and poor security hygiene. When we talk to clients, we make it clear that educating staff about security should be a top priority, supported by clear, simple procedures and backed up by a solid incident response plan."