Cybercrime is a big problem for the UK. It’s estimated to cost the economy £27 billion a year. And that number is only going to grow for the foreseeable future.
One of the most high-profile and impactful areas of cybercrime is data breaches. You know those stories where a company is hacked and their data is either held ransom, leaked to the world, or sold? That’s a data breach.
At worst, the cost of a data breach can be devastating for businesses. At best, breaches are an expensive nuisance that forces you to stay on your toes.
Large and medium businesses are targeted the most. Their data is the most valuable for cybercriminals, but also difficult to get.
Why? Well, they have more budget to spend on cybersecurity and experts. So, they can set up tough defences around their data.
These criminals will go after smaller businesses too. The rewards are smaller but the data's easier for them to get their hands on.
The government’s latest Cyber Security Breaches Survey, published in April 2023, reveals that 32% of UK businesses have identified a cyber-attack targeting them in the previous 12 months. For large businesses, this rises to almost 70%.
That’s a third of all UK businesses and nearly three-quarters of bigger organisations. Not forgetting many smaller businesses have no way of detecting cyber-attacks. So there are potentially thousands of attacks going unrecorded.
But just what is the average cost of a data breach? And what sort of impact can data breaches have on businesses?
What is the average cost of a data breach for UK businesses?
It’s difficult to put a firm number on the cost of a data breach in the UK. It depends on the size of your company, how much data you store, what your business does, and much more.
There are a few ways we can demonstrate it, though. First, we can look at the average cost of a data breach around the world. According to technology giant IBM, which looked at data from 17 different countries and regions, it was around £3.95 million in 2022. This is an increase of 8.1% from 2021, showing that cybercriminals might be getting better at finding and stealing data.
It’s worth mentioning that this stat doesn’t include very small or very large breaches. For huge companies that have vast amounts of data, a breach will cost them a lot more.
Likewise for small businesses, the cost will be a lot lower as they store much less data.
So, let’s look at it another way.
Every year, cybercrime costs businesses that are breached or attacked around £15,300. Looks a lot lower than £3.95 million, doesn’t it? Well, this stat includes all forms of cyber-attack, not just data breaches.
Other kinds of cyber-attack will be much cheaper to sort out. Especially those that don’t involve stolen data.
This stat also takes into account very small businesses, which IBM didn’t do in their study. Thousands of small businesses are affected by cybercrime every year. But naturally, their clean-up costs are a lot lower.
Regardless, this amount of money can cause real problems. But there are other, less measurable issues that they might have to face…
How often are small businesses hit by cyber-attacks?
We won’t mince words. A successful data breach of a small business can cause chaos.
Why? Well, it comes down to investment in cybersecurity. A small business doesn’t have as much budget to spend on defending themselves from cybercriminals.
They also don’t have as much access to experts who can monitor and log attacks.
A report by insurance provider Hiscox estimated that UK small businesses are targeted with 65,000 cyber-attacks per day. And that over 4,500 of these attacks are successful.
This means that a small business is successfully breached every 19 seconds.
How much do data breaches cost small businesses?
What does being breached actually mean for a small business? To start, it costs them about £25,700 in clean-up costs. This includes restoring systems, paying ransoms, replacing hardware, and investing in better security after they’ve been breached.
The second big hurdle they have to face is less measurable: business interruption, damage to their reputation, and difficulty getting customers in the future. These problems are far more likely to lead to a small business closing after a data breach.
A report by PCI Pal found that 44% of consumers wouldn’t spend with a business for several months after a data breach. 41% went even further, saying they wouldn’t return to the business at all.
With this in mind, it’s easy to see how a small business could struggle to keep its doors open.
What are the different kinds of data breaches?
There are many different kinds of data breaches. Some of which are complex and nuanced, while others are about as subtle as throwing a brick through a window.
The main ones you need to watch out for involve exploiting human error. 95% of all cybersecurity incidents are successful because of human error.
That’s why training your staff is so important. So they can avoid the tricks and tactics that cybercriminals love to use.
These include phishing emails, where a fake email is used to gain access to a system. Or ransomware, where someone inadvertently installs malware on your network, allowing a cybercriminal to hold your data hostage in exchange for a ransom payment.
Outside of human error, there are physical breaches. A criminal might steal an employee’s laptop or phone, or break into your office and rip a hard drive out of a computer.
These are just a few examples of data breaches. In reality, there are dozens of techniques that cybercriminals use.
The most important thing is that you have some kind of cybersecurity in place. It’s all about prevention.
Where does GDPR come in?
You’ve probably heard a lot of talk about GDPR over the last few years.
It stands for General Data Protection Regulation. It’s a set of rules that makes sure personal data is used responsibly by businesses.
You’ll often hear about it when companies are fined for failing to follow the rules. Usually in connection to a data breach.
When a company is breached, it might be found that it didn’t protect its data properly. This is a big no-no when it comes to GDPR.
So much so that they can be investigated by the regulator (the Information Commissioner’s Office) and fined up to £17.5 million, or 4% of their annual global turnover. Whichever is greater.
Smaller businesses probably wouldn’t see a fine anywhere near this level. But they can still be fined thousands of pounds.
Putting up the right defences
Don’t want to be on the receiving end of a data breach? We don’t blame you. Because the average cost of a data breach for small businesses in the UK and anywhere else can be crippling.
The best way to stop them is prevention. Investing whatever budget you can afford into cybersecurity will make a huge difference, and make it way harder for cybercriminals to sneak in and cause havoc. The National Cyber Security Centre (NCSC) is a great resource for actionable advice.
Chances are, though, that you will be breached at some point. Being prepared for it can help you get ahead of the problems you’ll face.
Cyber insurance is a great way to do this. It’ll pay your recovery costs. Help you manage any PR difficulties you might face. And bring the average cost of a data breach right down.
Some policies even offer online cybersecurity training for your staff. So you can avoid common pitfalls that can lead to data breaches.
Got any questions? Our blog has a bunch of great resources that can help you prepare for a cyber-attack. You can also give us a ring on 0345 222 5391 to chat with one of our friendly advisers about cyber insurance.