Why businesses must act now to strengthen cyber security

The vast majority of businesses are well aware of the risks posed by cyber attacks. Last year saw high-profile online assaults on the likes of Home Depot and Sony Pictures, while an attack on eBay last May saw hackers steal the personal details of 233 million users.

These incidents – and many more besides – proved that cybercrime causes much more than just a few hours of downtime: at its worst, it can result in huge damage to a company’s reputation.

The true cost of cybercrime

Now, a new study from the UK government and PwC has put a monetary value on the cost of such attacks. The Information Security Breaches Survey 2015, launched at this month’s Infosecurity Europe conference, reveals that the most severe online attacks cost big businesses at least £1.46 million – more than double last year’s figure of £600,000.

But it’s not just big businesses that are suffering at the hands of cyber criminals. For small and medium-sized enterprises, the cost of the average breach ranges from £75,000 to £310,800, compared with a maximum of just £115,000 a year earlier.

Security chiefs won’t be banking on the volume and scale of these attacks diminishing any time soon. Put simply, crime appears to pay: separate research from Trustwave, also released in June, shows that cyber criminals received an estimated 1,425 per cent return on investment – or £53,000 net revenue for each £3,720 invested – from running ‘exploit kit’ and ‘ransomware’ schemes in 2014. Retail was found to be the most targeted industry, cropping up in 43 per cent of Trustwave’s investigations, followed by food and beverage (13 per cent), and hospitality (12 per cent).

The scale of the problem

According to the government and PwC, 90 per cent of large organisations and 74 per cent of SMEs have suffered some form of information security breach. Not only have attacks from outsiders become more frequent, but incidents involving staff are also more commonplace, with 75 per cent of large businesses and 30 per cent of smaller ones being hit by such a breach.

The research demonstrates that businesses must consider a wide variety of measures when implementing plans to crack down on cyber attacks. It is not enough to invest in network security or protect against malware; companies must be wary of the threats posed by everything from mobile and home-based working, to removable media controls and managing user privileges.

Andrew Miller, PwC’s cyber security director, stressed that all organisations must consider how they defend against and deal with the cyber-based threats facing them. Such attacks are becoming increasingly sophisticated – with their effects often amplified through the involvement of internal staff – and the impacts are both expensive to deal with and long-lasting.

Digital economy minister Ed Vaizey added: “The UK’s digital economy is strong and growing, which is why British businesses remain an attractive target for cyber-attack, and the cost is rising dramatically. Businesses that take this threat seriously are not only protecting themselves and their customers’ data but securing a competitive advantage.”

Our Market Reports combine our review of the prevailing conditions in the security recruitment market together with the results of our 2015 employer survey.

Looking for a new cyber security job role or cyber security recruitment? Contact a Barclay Simpson specialist recruitment consultant today.