The total cost of a data breach to UK organisations has risen to over £2 million, according to research.
The latest Cost of a data breach study by Symantec and the Ponemon Institute has found that while the cost of a breach to a UK organisation has risen to £2.04 million, the appointment of chief information security officers (CISOs) with enterprise-wide responsibilities, comprehensive incident response plans and stronger overall security programmes have helped to ease the problem overall.
The report is based on cost estimates provided by more than 300 individuals and on the costs incurred by 38 UK companies in 12 industry sectors that experienced the loss or theft of protected personal data and then had to notify breach victims and/or regulators as required by law. It deemed the average per capita cost of a data breach to have increased from £79 to £86.
The report found that negligence is the main cause of data breaches, with 37 per cent of data breaches involving negligent employees or contractors, while malicious or criminal attacks have increased slightly from 31 to 34 per cent of data breaches and are the most costly type of breach at £102 per compromised record.
The average cost per compromised record of data breaches due to system or business process failures was £79, and for data breaches caused by employee or contractor negligence it was £76.
Mike Smart, product and solutions manager at Symantec, said: “With more than a third of UK data breaches involving negligent employees or contractors, the ‘human factor’ is still the weakest link, and so training and awareness should be a priority from the offset. But here in the UK it seems that malicious attacks are becoming nearly as big a problem.
“Not only have more data breaches been down to malicious attacks, but when it does happen, it's far more costly. The report has shown that there are certain factors that influence the cost of a breach so there are things businesses can do in advance to reduce the impact on the organisation; from educating and training employees on how to handle confidential information, to having a proper incident response plan in place.”
Finally, the research discovered that having a CISO resulted in cost savings, with having an incident response plan, a company's security posture, the addition of a consultant and quick notification of the data breach all reducing the average cost from £86 to £73.
Also, 39 per cent of those surveyed had centralised the management of data protection with the appointment of a C-level information security professional.