UK businesses will have to spend an average of £1.1m to recover from a data security breach this year, according to a new report by NTT Security.
It shows that firms expect to take an average of 80 days to recover from an attack, with companies seeing their revenue drop by as much as 9.5%, as well as long-term damage to customer confidence and reputation.
In addition, it reveals that 63% of businesses agree that a breach is inevitable at some point, but that just 47% have preventing a security attack as a regular board agenda item.
“No company can afford to ignore the consequences of what are increasingly sophisticated and targeted security attacks, like the widespread and damaging ransomware attack we recently witnessed,” NTT Security UK & Ireland vice president, Linda McCormack, said.
“They are absolutely right to worry about the financial impact of a data breach – both in terms of short-term financial losses and long-term brand and reputational damage.”
The research involved a survey of 200 non-IT business decision makers across the UK, with 72% saying that their organisation has a formal information security policy in place.
A further 16% say they are in the process of implementing one, however, less than a third of respondents said they think their employees are fully aware of the policy.
It was also found that, despite 65% of UK businesses having an incident response plan, just 44% are fully aware of what it includes.
In addition, it is estimated that companies spend an average of 14.4% of their operations budget on information security, with a third spending more on research and development, human resources and marketing
“Creating security policies seems to be a work in progress for many UK businesses, unfortunately they become redundant if they are not properly communicated and shared throughout the whole organisation,” McCormack, continued.
“We see time and again organisations with good intentions when it comes to security and response planning, but then it falls to the bottom of the priority list due to a lack of resources, budgets and time.
“The fact that they are struggling to find the right resources and processes to support the fundamentals in information security and risk management planning is a major concern.’’
An increasing reliance on data and IT systems has seen cyber incidents shoot to the top of the most pressing risks facing businesses worldwide, research by Allianz has uncovered.
17 January 2020
The majority of risk managers worldwide cannot adequately assess the threats posed by new technologies, research by Accenture has found.
10 December 2019
Financial institutions will save $7bn (£5.43bn) by 2024 thanks to blockchain technology and the automation of customer checks, a market research firm has predicted.
05 November 2019
Why InsurTech? A Pressured Insurance Value Chain
By Andrew Sagon, Andrew Johnston and Matthew Wong
InsurTech is a burgeoning phenomenon that is modernising the insurance industry. It is disrupting the traditional value chain whereby insurers offer loss protection, and shifting the emphasis to risk mitigation. Incumbents face disintermediation as investors in search of higher yields pour money into insurance-linked instruments in the capital markets. And entrepreneurial businesses are targeting friction costs and inefficiencies within every aspect of the traditional value chain.
Nimbleness and agility will unlock potential
By Elinor Friedman, Andrew Harley and Klayton Southwood
Recent Willis Towers Watson surveys in the U.S. have shown that P&C and life insurers in developed markets are taking seriously the potential of big data and predictive analytics to improve their businesses. Nimbleness and agility, rather than brute force, are likely to be key to realizing that potential.
Driven by technology, toolkits and talent
By Claudine Modlin and Graham Wright
Advanced analytics is helping some insurers offer innovative products and solutions. What do insurers need to know about the changing nature of analytics and whether it is worth the investment? Claudine Modlin and Graham Wright discuss technology, toolkits and talent — topics that may help you decide.
Risk transfer is part of a comprehensive solution
By Adeola Adele, Patrick Kulesa, Kevin Madigan and Alice Underwood
Given the dynamic nature of cyber-risk, taking a multidimensional approach that integrates board governance, technology solutions, behavioral change and risk transfer solutions can help reduce risk to a manageable level.