New analysis finds that businesses with over 6,000 records face risk of economic loss without cyber defences, but that the likelihood of a data breach varies between industries.
New analysis from NCC Group has found that businesses with over 6,000 data records face a higher risk of economic loss without adequate cyber security defences in place.
The cyber security and risk mitigation expert looked into the average cost of cyber security across multiple sectors in one year, including staff, hardware and software, against the average UK cost of a single data breach, which is £120 per record, according to The Ponemon Institute. It found a theoretical cut-off point at which the cost of a single breach exceeded this cyber security cost, which occurred where businesses held between 5,000 and 6,000 records.
It also found that the higher the turnover of a business, the higher the average cost of a data breach, with the average loss rising from £1.5m to £10m for companies with a turnover between £5m and £9.9m, and over £50m respectively.
However, this analysis found that the likelihood and cost of a data breach varied between sectors, with 61% of local government organisations, 10% of central government organisations, and 18% of utilities companies reporting a breach between Q1 2016 and Q1 2017. The healthcare sector faced the highest breach cost per record, with each breached record costing organisations £267 on average. While businesses in the marketing sector had the lowest chance of a breach, with only 1 in 25,000 UK business reporting a breach during the same period.
Commenting on these findings, Nick Dunn, managing security consultant at NCC Group, said: “Of course, implementing robust cyber security measures is vital for businesses of every size and in every industry, particularly with GDPR coming into force next month which is likely to raise breach costs to higher levels than before.
“This analysis demonstrates that cyber resilience when it comes to the security of sensitive data needs to be a priority for all businesses, and it is important to note that this analysis only takes into account the impact of one data breach. Even though one breach alone can cause a lot of damage, organisations should also have solid procedures and cyber incident response plans in case they face repeated attacks.
“With the amount of sensitive data held by organisations only increasing in size, it is crucial for all businesses to ensure that they have considered every possibility and taken tangible steps towards enhancing their security posture.”