The cost and time it takes to recover from a security breach have been estimated in our Risk:Value report. In this guest blog post, Linda McCormack, Vice President UK & Ireland at NTT Security, explores one of the biggest issues facing UK companies today.
Organisations are under constant attack from increasingly sophisticated, determined and agile hackers. How well they recover in the event of such an attack has a direct impact on the resilience of the business. And it appears that UK organisations are a little slower than their counterparts around the world.
Our study of 1,350 non-IT business decision makers across 11 countries, 200 of whom are from the UK, reveals that a UK business would have to spend £1.1m ($1.4m) on average to recover from a breach – more than the global average of £1m ($1.3m), which has gone up from the previous report’s $907,000 estimate.
It also reveals it would take, on average, 80 days to recover from an attack, almost a week longer than the global average of 74 days. Furthermore, UK respondents predict a significant impact on their organisation’s revenue, suggesting as much as a 9.5 per cent drop.
Companies are right to worry about the financial impact of a data breach – both in terms of short-term financial losses and long-term brand and reputational damage. No company, regardless of its size, sector or focus, can afford to ignore the consequences of security attacks, like the widespread and damaging ransomware attack we recently witnessed.
On a positive note, an encouraging 72 per cent of UK business decision makers say their organisation has a formal information security policy in place, compared to the global average of 56 per cent, and another 16 per cent are in the process of implementing one. But, while 83 per cent say it has been communicated internally, less than one third say company employees are fully aware of the policy.
Creating security policies seems to be a work in progress for many UK businesses. Unfortunately, they become redundant if they are not properly communicated and shared throughout the whole organisation, and sadly our report backs that up. We see time and again organisations with good intentions when it comes to security and response planning, but then it falls to the bottom of the priority list due to a lack of resources, budgets and time. The fact that they are struggling to find the right resources and processes to support the fundamentals in information security and risk management planning is a major concern.
So, while UK businesses are making some advances in cybersecurity, there are still some significant chasms to cross if they are to weather the storm of a cybersecurity breach and remain resilient.
To find out how UK businesses – and those around the world – are addressing information security risk, download the 2017 Risk:Value report here: www.nttsecurity.com/RiskValue2017