Cybercrime is now serious business. We’ve seen several major brands reeling from the effects of serious data breaches, and struggling to manage the potential damage, not only to their customers’ data, but also to their reputation.

It’s now hitting home that organisations can’t afford to ignore the impact that cyber attacks can have on their bottom line. The results from our latest Risk:Value report show just how significant the consequences can be. On a global average, organisations estimate a breach would take nine weeks to recover from and would cost $907,053. This is even before the cost of any reputational damage, brand erosion and lost business are taken into consideration. For UK businesses alone, the effects are more severe with the cost of recovery rising to a whopping £1.2 million along with an anticipated 13% drop in revenue.

The risk of attack is unlikely to diminish and the sophistication and frequency of attacks will continue to grow. It’s therefore a matter of urgency that businesses are putting in place the people, processes and technology to help them minimise the effects of a data breach.

We are already seeing attitudes to the real impact of security breaches shifting. It’s particularly encouraging to see that most businesses now have a disaster recovery and formal information security policy in place, or are planning to implement one soon but there’s still lots to do. Clear, concise internal processes and policies for employees and contractors have so often been overlooked and this is what can lead to complacency and poor security hygiene.

When we partner with clients, we make it clear that educating all staff about security should be a top priority, supported by clear, simple procedures and backed up by a solid incident response plan. We also discuss why data security should no longer be regarded as the domain of a particular technology or the IT department. Rather, it should be seen as a collective responsibility by everyone within the organisation to actively manage risk.