According to research commissioned by the UK government, the starting point for costs related to a breach has more than doubled compared to a year ago.
A survey by PwC found 90 percent of large organizations reported having a security breach—up from 81 percent last year—and the cost of a breach for companies with more than 500 employees starts at £1.46 million (US$2.2 million). This amount far exceeds a starting point of £600,000 last year. Similarly, the high end of the spectrum for breach costs more than doubled to £3.14 from £1.15 in 2014.
For a small business, the cost of a breach ranges from about £75,000-311,000. These cost have also gone way up—about 92 percent on the high end of the range.
The Information Security Breaches Survey furthermore found that malicious software from outsiders impacted 69 percent of large organizations and 38 percent of small ones. The good news is denial-of-service attacks dropped across the board.
This by no means indicates human error does not play a major role in breaches. About 75 percent of large companies and 31 percent of small companies were victims of a staff-related security breach last year.
Last year, the UK government launched a plan called “Cyber Essentials” and the report did find that nearly half of businesses either implemented it or plan to.
While Ed Vaizey, minister for culture and the digital economy, said it was “encouraging to see the steps many businesses are taking to improve cybersecurity,” he added that “there is clearly a lot more government and industry can do to continue tackling this issue.”
“All businesses and organizations should adopt [Cyber Essentials] as a vital first step—no ifs or buts,” he added.
While progress is being made, according to survey results, 14 percent of respondents said they have never briefed their board on security risks and 28 percent said the worst of their security breaches was caused at least partly by senior management not making cybersecurity a priority.