News

Average Cost Of SME Data Breaches 'Between

Thu, 18/06/2015 - 14:51
Disaster Recovery

Data protection services could be at the forefront of the minds of small to medium-sized enterprises (SMEs) in the UK in the future, given new research revealing that the average cost of data breaches is now between £75,000 and £310,800.

Studies by PwC in conjunction with the government have found that 90 percent of bigger companies have had an information security breach, while the same is true for 74 percent of SMEs. And for those firms with over 500 members of staff, the average cost of the most severe incident is between £1.46 million and £3.14 million.

While outside attacks represent a real threat for businesses of all sizes, 75 percent of bigger firms and 30 per cent of SMEs have experienced breaches relating to members of staff.

"With nine out of ten respondents reporting a cyber breach in the past year, every organisation needs to be considering how they defend and deal with the cyber threats they face. Breaches are becoming increasingly sophisticated, often involving internal staff to amplify their effect, and the impacts we are seeing are increasingly long-lasting and costly to deal with," Andrew Miller, PwC's cyber security director, said.

There are ways you can limit the risks your company faces. For example, all organisations should regularly audit what data they have, how sensitive it is, as well as the protection systems currently in place. Secondly, adequate policies, procedures and training should be in place, ensuring that all employees are fully aware of the risks posed by breaches as well as their responsibilities in helping prevent them. It is particularly important to have a well documented employee exit procedure to limit the chances of a worker (disgruntled or otherwise) retaining access to company or customer data and limiting the chance of them being able cause damage.

It is also wise to have a data loss protection plan in place so that if and when a breach does occur, you can take immediate action to reduce the impact. Ensuring there is a response team and disaster recovery service already in place, composed of individuals with the skills and knowledge to act, is also necessary. The ensures that appropriate action can be taken quickly, effectively and in line with legal obligations and regulatory recommendations.

Lastly, it's worth considering that data doesn't have to be illicitly accessed in order for it to cause harm to customers or the company in question. Loss of data, whether on internal systems or on media and devices off the company's premises, can result in fines, damage to reputation and loss of business. For these reasons and more, having a good disaster recovery plan is also a must.

Recent Articles

Redstor_GDPR_Arrival_blog Data Management

G-day Is Here!

The wait is over. The period for becoming compliant has finished and the General Data Protection Regulation (GDPR) is now in full effect.... read more

May 24, 2018
Redstor_Cloud_data_blog Online Backup

Is Your Cloud Data As Safe As You Think?

Cloud technology is fast becoming a stable in the IT strategies of all modern businesses. Well-known benefits like flexible and rapid deployment help... read more

May 22, 2018
Redstor_Wannacry_blog Ransomware

WannaCry A Year On

Ransomware attacks took up many headlines throughout 2016 and 2017 as their quantity and effect became widespread, costing organisations and... read more

May 16, 2018