The costs of suffering a security breach for businesses have almost doubled over the past year, professional services firm PricewaterhouseCoopers (PwC) has reported.
Released at the Infosecurity 2014 conference, PwC's Information Security Breaches Survey 2014 found that although firms are being hit by fewer security breaches overall, the impact has increased, so the average cost of an attack has risen for the third year in a row.
"For small organisations the worst breaches cost between £65,000 and £115,000 on average and for large organisations between £600,000 and £1.15m," said the PwC report, which was commissioned by the UK Department for Business, Innovation and Skills (BIS).
According to the PwC report, 81 percent of large businesses recently suffered security breaches, which is down from a year ago when 86 percent of companies were affected. Of small businesses, PwC said that 60 percent reported a breach, which is also down from last year, when it was at 64 percent.
Universities and Science minister David Willetts said that although the results show British companies are still under attack, the decline in incidents over the last year is thanks to businesses increasing their IT security investments as well as help from the country's National Cyber Security Programme.
"The government is working with partners in business, academia and the education and skills sectors to equip the UK with the professional and technical skills we need for long-term economic growth," Willetts said. "Increasingly those [companies] that can manage cyber security risks have a clear competitive advantage."
However, PwC said that while the number of breaches affecting UK businesses has fallen slightly over the last year, the number still remains high and in many companies more needs to be done "to drive true management of security risks".
PwC cyber security director Andrew Miller said, "Breaches are becoming more sophisticated and their impact more damaging. Given the dynamic nature of the risk, boards need to be reviewing threats and vulnerabilities on a regular basis.
"As the average cost of an organisation's worst breach has increased this year, businesses must make sure that the way they are spending their money in the control of cyber threats is effective. Organisations also need to develop the skills and capability to understand how the risk could impact their organisation and what strategic response is required."
The large number of affected companies could be down to the relatively high number of staff working at these firms who have a poor understanding of security policy. The PwC report claims 70 percent of businesses that have poor understanding of security have experienced staff-related breaches, compared to only 41 percent in companies where security is well understood.
"This suggests that communicating the security risks to staff and investing in ongoing awareness training results in fewer breaches," said the report.
The PwC report also claimed that 77 percent of businesses across Europe now have a security strategy, while only 45 percent have a backup and recovery programme in place.