The cost of recovering from a security breach for UK organisations has been estimated in a new report launched today by NTT Security, the specialised security company of NTT Group.
The 2017 Risk:Value report, the company’s third annual study of business decision makers’ attitudes to risk and the value of information security to global organisations, reveals that a UK business would have to spend £1.1m ($1.4m) on average to recover from a breach – more than the global average of £1m ($1.3m), which has gone up from the previous report’s $907,000 estimate.
The study of 1,350 non-IT business decision makers across 11 countries, 200 of whom are from the UK, also reveals that respondents anticipate it would take, on average, almost three months (80 days) to recover from an attack, almost a week longer than the global average of 74 days.
UK respondents also predict a significant impact on their organisation’s revenue, suggesting as much as a 9.5 percent drop, which fares slightly better than the global average of nearly 10 percent.
In the UK, business decision makers expect a data breach to cause short-term financial losses, as well as affect the organisation’s long-term ability to do business. More than two-thirds (64 percent) cite loss of customer confidence, damage to reputation (67 percent) and financial loss (44 percent), while one in 10 anticipate staff losses, and 9 percent expect senior executives to resign following a security incident.
Most telling from the report is that 63 percent of respondents in the UK ‘agree’ that a data breach is inevitable at some point, up from the previous report’s UK figure of 57 percent. However, less than half (47 percent) say that preventing a security attack is a regular board agenda item, suggesting that more still needs to be done for it to be taken seriously at a boardroom level in the UK.
Linda McCormack, VP, UK & Ireland at NTT Security, comments: “Companies are absolutely right to worry about the financial impact of a data breach – both in terms of short-term financial losses and long-term brand and reputational damage.
“Although this year’s £1.1m figure is slightly down on last year’s report (£1.2m), no company, regardless of its size, sector or focus, can afford to ignore the consequences of what are increasingly sophisticated and targeted security attacks, like the widespread and damaging ransomware attack we recently witnessed.”