News

Average Cost Of SME Data Breaches 'Between £75,000 & £310,000'

Thu, 18/06/2015 - 14:51
Disaster Recovery

Data protection services could be at the forefront of the minds of small to medium-sized enterprises (SMEs) in the UK in the future, given new research revealing that the average cost of data breaches is now between £75,000 and £310,800.

Studies by PwC in conjunction with the government have found that 90 percent of bigger companies have had an information security breach, while the same is true for 74 percent of SMEs. And for those firms with over 500 members of staff, the average cost of the most severe incident is between £1.46 million and £3.14 million.

While outside attacks represent a real threat for businesses of all sizes, 75 percent of bigger firms and 30 per cent of SMEs have experienced breaches relating to members of staff.

"With nine out of ten respondents reporting a cyber breach in the past year, every organisation needs to be considering how they defend and deal with the cyber threats they face. Breaches are becoming increasingly sophisticated, often involving internal staff to amplify their effect, and the impacts we are seeing are increasingly long-lasting and costly to deal with," Andrew Miller, PwC's cyber security director, said.

There are ways you can limit the risks your company faces. For example, all organisations should regularly audit what data they have, how sensitive it is, as well as the protection systems currently in place. Secondly, adequate policies, procedures and training should be in place, ensuring that all employees are fully aware of the risks posed by breaches as well as their responsibilities in helping prevent them. It is particularly important to have a well documented employee exit procedure to limit the chances of a worker (disgruntled or otherwise) retaining access to company or customer data and limiting the chance of them being able cause damage.

It is also wise to have a data loss protection plan in place so that if and when a breach does occur, you can take immediate action to reduce the impact. Ensuring there is a response team and disaster recovery service already in place, composed of individuals with the skills and knowledge to act, is also necessary. The ensures that appropriate action can be taken quickly, effectively and in line with legal obligations and regulatory recommendations.

Lastly, it's worth considering that data doesn't have to be illicitly accessed in order for it to cause harm to customers or the company in question. Loss of data, whether on internal systems or on media and devices off the company's premises, can result in fines, damage to reputation and loss of business. For these reasons and more, having a good disaster recovery plan is also a must.

Recent Articles

Redstor_Wannacry_blog Ransomware

WannaCry A Year On

Ransomware attacks took up many headlines throughout 2016 and 2017 as their quantity and effect became widespread, costing organizations and... read more

May 16, 2018
Redstor_Equifax_leak_blog Disaster Recovery

Equifax – The Breach That Keeps Getting Bigger

Last year in September 2017 Equifax revealed that they had numerous data files stolen by hackers. The Credit Ratings agency initially at the time... read more

May 15, 2018
Redstor_future_lawyer_summit_blog Redstor

Redstor Looking Ahead At The Future Lawyer Summit

On the 29th May, representatives from Redstor will attend London’s Future Lawyer Summit, a highly regarded conference, as an exhibitor. The one-day... read more

May 10, 2018