The financial toll of data breaches in the UK soared to an average of £3.58 million per breach between March 2023 and February 2024, according to IBM’s 19th annual Cost of a Data Breach report. This figure represents a 5% increase from the previous year, reversing a trend of declining costs. Financial services have been hit hardest, with breach costs in this sector averaging over £5.4 million, followed closely by the professional services and technology sectors.
The report underscores the escalating impact of cyber-attacks on UK businesses. The rising costs are primarily attributed to lost business and the expenses associated with breach response and recovery. Notably, recovery efforts are protracted, with only 12% of organisations managing to address breaches within 100 days.
Additional factors contributing to the increased costs include regulatory fines, issues with Internet of Things (IoT) and operational technology, and disruptions within supply chains. Martin Borrett, Technical Director of IBM Security for the UK and Ireland, highlighted the growing urgency for enhanced security measures. “In an environment marked by escalating cyber threats, this year’s report reveals significant vulnerabilities and strategic opportunities,” Borrett said. “Security AI and automation are proving vital in expediting incident response and mitigating both breach expenses and business impacts. It’s crucial for businesses to adopt AI-driven security solutions and address regulatory non-compliance and IoT vulnerabilities.”
The report identifies stolen credentials as the leading cause of breaches, with an average cost of £4.27 million per incident. Phishing and business email compromise also feature prominently among breach causes. Malicious insider threats are the most expensive, averaging £4.36 million per breach.
The Zscaler ThreatLabz unit has reported a record ransom payment of $75 million to the Dark Angels ransomware group, warning that such high-profile payments are likely to spur similar attacks and further drive up breach costs.
Globally, a severe shortage of security professionals has exacerbated breach expenses. Matthew Evans, Chief Operating Officer and Markets Director at TechUK, emphasised the critical need for investment in advanced security measures. “The IBM 2024 Cost of a Data Breach report highlights the urgent necessity for businesses to bolster their security frameworks, including the implementation of AI-powered prevention and automation technologies,” Evans said.
Achi Lewis, Area VP EMEA for Absolute Security, added, “Maintaining a robust cyber resilience posture is crucial for preventing, responding to, and recovering from cyber threats. Effective technology systems and protocols can significantly mitigate breach severity, reducing the substantial financial, legal, and reputational costs associated with data loss.”
Lewis further warned of the growing threat posed by ransomware. “Our research indicates that 69% of Chief Information Security Officers (CISOs) believe the financial repercussions of a successful ransomware attack could cripple their organisations. It is essential for organisations to have comprehensive cyber resilience policies in place, providing real-time monitoring and alerts across all devices and applications to detect and respond to suspicious activity. As ransomware payments continue to rise, this serves as a timely reminder that preparedness can save millions.”
For further information, the full IBM report is available on their website.