Cyber attacks cost UK firms an average of £2.37m per attack

Cyber lock

UK businesses are being hit hard by hackers with the cost of an attack averaging out at £2.37 million every time one is carried out, according to new data from IBM and the Ponemon Institute.

The 2015 Cost of Data Breach Study: United Kingdom collected data from 39 anonymous companies and worked out that costs are on the up thanks to the more sophisticated ways that cyber criminals are employing to gain access to computers.

"The average per capita cost of a data breach for the 39 companies increased from £95 to £104, and the total average organisational cost increased from £2.21m to £2.37m in 2015," stated the report.

What those increases mean is that the per capita and total organisational cost of data breaches have continued to rise for eight consecutive years and not surprisingly the main root cause of data breaches were malicious or criminal attacks (49%). Other reasons for systems being compromised were system glitches (23%), which included a mixture of IT and business process failures, and human error or employee negligence (28%).

This being the case there is a great deal of work being done by companies to train and educate employees through cyber awareness programmes. When this is combined with the latest encryption technology, companies fare far better where cyber attacks are concerned.

"Extensive use of encryption, incident response plan, business continuity management involvement, board-level involvement, employee training, CISO appointment and insurance protection result in cost savings," the report added.

Usual suspects hard hit

When it comes to the industries targeted, financial services, pharmaceuticals, communications, energy and technology bore the brunt of the attacks with a higher than mean cost per capita whereas public services and transportation companies had a per capita cost "well below the mean".

Even though encryption can be one of the best ways for UK firms to prevent attacks, David Cameron's new government looks likely to revisit a Snoopers' Charter that would restrict encryption by forcing companies to turn over encrypted data if requested to do so by the authorities.