UK firms face £3.2m bill for each data breach – IBM report

25th July 2023

IBM

Kristian McCann

0 0

A new report by IBM Security has revealed that the average cost of a data breach for UK businesses is £3.2m.

While not being in the top five countries for most expensive data breaches, the UK comes close, ranking sixth overall.

The cost of a UK data breach is slightly higher than the worldwide average of £3.4m. Some of the most data-sensitive industries such as finance and healthcare are those with the costliest data losses, with each sector losing £8.4m and £4.6m per breach on average respectively.

Data breaches usually involve a large number of data records being breached, and IBM Security estimates that the cost of breaches in 2023 per individual data record reached £128.

Kevin Pratt, Business Expert at Forbes Advisor, said: "As businesses continue to store more sensitive data, it's inevitable that once a breach happens, the cost of a breach increases as well.

"The report shows that the two major causes of data breaches are phishing (16%) and stolen credentials (15%). It also shows that the breaches caused by those types of attacks are the costliest, and technical issues such as system errors are the least common and least costly"

"What's important is to prevent the breaches through effective information security measures, and these measures don't always need to be overly technical.

"One of the best ways to protect yourself from the costliest of breaches is to make sure that everyone involved in the business reduces the risk of their passwords and account information being compromised"

"This involves simple steps such as multiple factor authentication to sign into accounts, and regular reminders for staff to update their passwords and credentials through continuous training and awareness.

"This is even more important if employees are working on mobile devices, especially if they are using their personal devices instead of work-issued ones. Use of personal devices for work purposes should be heavily discouraged as it gives less oversight to the business on account access, and opens new doors for malicious actors to steal credentials and account information."