Do you know what it would cost your business if you fell victim to a cyber attack? Data security breaches are a fact of everyday life, and most of them never attract the press attention that the likes of TalkTalk, Marks & Spencer and the travel agent Thomson have received in recent months.
While your company may be fortunate in avoiding the headlines if you do have a data breach, the damage is still likely to be significant. Large or small, UK businesses must be proactive in how they combat cyber threats, and ensure they are doing everything possible to reduce the impact these can have on their business and profitability.
The 2015 Information Security Breaches Survey, produced by the Department for Business, Innovation & Skills, makes for sobering reading. Security breaches have increased for both large and small organisations, with 90% of large organisations reporting that they suffered a security breach in 2014. For small businesses the cost of a single breach has risen sharply: the average cost of the worst breach of the year has doubled in two years, from £35k – £65k in 2013 to £75k – £311k in 2015.
59% of respondents expect to see more security incidents in the next year than in the last, so organisations need to ensure they have the right defences in place to counter that expected increase. Interestingly, 28% of respondents cited a 'lack of priority' from senior management as a contributing factor in their single worst breach. In my experience this lack of priority rarely means that no security measures exist; more often the measures are in place but poorly communicated and poorly implemented, and that is what leads to the breach. A top-down approach is needed.
One way of ensuring that security becomes a top priority in your organisation is to understand how a serious data breach would affect your business. Where do figures such as £311k come from, or, in the case of large organisations, £600k – £1.15m?
Of course these figures vary depending on the nature of the data breach and the industry targeted. For example, a data breach involving a healthcare organisation is likely to cost more than one affecting a retailer because of the type of data each organisation stores and the regulatory landscape.
Typically these factors contribute to the overall cost of a data security breach:
If the above has given you food for thought, what are the next steps to ensure that your organisation is doing all it can to reduce the likelihood of an attack, and with it the costs of a data breach?
Firstly, I would recommend a comprehensive security risk assessment to identify where your organisation is exposed. Any unprotected weaknesses it finds in your IT infrastructure and network security should be addressed immediately.
Policies should also be put in place so that employees, contractors and suppliers understand your organisation's risk management boundaries and the acceptable, secure use of its ICT systems. Clear communication, training and regular security awareness activities should all be part of your ongoing cyber security measures.
Plans should also be put in place to manage breaches when they occur, including incident response, disaster recovery and business continuity plans.
The government has produced a cyber security document aimed at UK businesses called 10 Steps: 10 Critical Areas. This gives further guidance on reducing the risk of cyber attack and managing incidents.
In all probability most businesses will experience an information security incident at some point, but the risk can be managed and the impact on your organisation reduced.
If you would like to discuss any of this with me, or with a member of the team, contact us on 0330 124 3599.