Audit & Risk

How much does a cyber security breach really cost?

New research shows that the cost of cyber attacks is estimated to be higher for UK businesses than for companies in the US, Germany, France, Sweden, Norway and Switzerland.


Everyone can agree that the risk of cyber security breaches is on the rise, but what’s the average cost to a UK business of such an attack? 

Answer: £1.2m. And that’s before hidden costs such as reputational and brand damage are taken into account, plus an average anticipated drop in revenues of 13 per cent as consumers and other firms take their business elsewhere. 

This is according to research by global information security and risk management company NTT Com Security, which found that the UK's expected costs are higher than for any other country in the survey. 

Taken globally, across enterprises of all sizes, the average cost of a cyber breach is expected to be just short of $1m. However, the anticipated financial burden is heavier for larger companies. Businesses with fewer than 1,000 employees are on average liable to lose $362,550 compared with $1.47m for companies with more than 5,000 staff. 

In terms of remediation costs following a security breach, 18 per cent of a UK company’s costs would be spent on legal fees, 18 per cent on fines or compliance costs, 17 per cent on compensation to customers, and 11 per cent for third-party remediation resources. Other anticipated costs include PR and communications (14 per cent) and compensation paid to suppliers (12 per cent) and to employees (11 per cent).

Stuart Reed, a senior director at NTT Com Security, said in a statement: “Attitudes to the real impact of security breaches have really started to shift, and this is no surprise given the year we have just had. We’ve seen several major brands reeling from the effects of serious data breaches, and struggling to manage the potential damage, not only to their customers’ data, but also to their reputation.”

NTT surveyed 1,000 business decision makers in the US, UK, Germany, France, Sweden, Norway and Switzerland. Its findings show that while 48 per cent of UK businesses say that information security is vital to their organisation and just half agree it is good practice, a fifth admit that poor information security is the single greatest risk to the business, ahead of decreasing profits (12 per cent), competitors taking market share (11 per cent) and on a par with lack of employee skills (21 per cent).


