Costs rise on data breach fallout

USB stick, SPL
Image caption Many data breaches involve the loss of data on USB sticks and laptops

Security breaches, in which firms lose data by malice or neglect, are costing more to deal with, suggests a report.

The average data breach costs UK firms about £1.9m annually, found the report from security firm Symantec.

The expenses are generated by clearing up after breaches, loss of clients and rebuilding trust with customers.

The costs have gone up for the third year running as the number of attacks rises and regulators push firms to keep defences up to date.

The biggest incident logged in the report cost the firm involved about £6.2m, a leap of £2.3m from the biggest incident in 2009.

System failures, of both policies and technology, accounted for the biggest proportion, 37%, of all cases sampled for the report which was written with the aid of the Ponemon Institute.

Negligence, in which employees lose vital data on laptops, phones or USB sticks, accounted for 31% of cases. Encryption systems, which scramble data on these devices, were becoming increasingly popular way of limiting this type of loss, said the report.

The most expensive threats to defend against were those coming from cyber criminals, said Robert Mol, a spokesman from Symantec.

"The biggest threats we see are the hostile attacks from outside," he said.

No matter how data went missing, he added, costs were generated by every stage of the recovery process. Companies spent money investigating incidents, fixing systems and re-training staff.

One big cost, he said, was in finding new customers as some existing ones may walk away after being notified of a breach.

Added to this, he said, was a growing burden of regulations and compliance that tried to hold companies to high standards.

"Putting measure in place after the fact is not good enough any more," he said. "Companies need to be alert now rather than waiting for the event to happen."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites