David Willetts, Minister of State for University and Science, said the high cost of dealing with security breaches could negatively impact the UK economy. Reuters

Companies in the UK have reported a decrease in security breaches over the last 12 months, but the cost of dealing with those breaches has doubled.

More damaging and sophisticated cyber attacks are causing companies of all sizes to spend much more money on cyber security despite an overall decrease in the number of breaches detected.

The Information Security Breaches Survey 2014 found that 81% of large organisations suffered a security breach, down from 86% a year ago. 60% of small businesses reported a breach, down from 64% in 2013.

However, the average costs have doubled. For a small organisation (fewer than 50 employees), a serious breach costs between £65,000 and £115,000 to deal with, while a large organisation is paying on average anywhere from £600,000 to £1.5 million.

Much more damaging

While the majority of UK businesses increased IT security investment over the last year, and confidence within companies that they are able to cope has also increased, the impact of serious security breaches has become much more damaging.

Speaking at the launch of the report at the InfoSecurity Europe conference in London on Tuesday, David Willetts, Minister of State for University and Science, said the positives, like decreased breaches, increased investment in security and increased confidence, are undermined by the huge rise in the costs of these breaches.

And this could have a particularly negative impact on the UK, Willetts said:

"We pride ourselves on having a particularly large and growing online economy, with the internet accounting for 8% of GDP."

Maintain confidence

The MP, who is one of three responsible for cyber security within government, added it was important the government "maintain confidence" in doing business online, which is why the government has put in place the Cyber Security Strategy - the government's four-year £650m plan to combat cyber attacks.

One of the main reasons for the large spike in costs to enterprises is the increased sophistication of the attacks targeting them.

Andrew Miller, cyber security director at PwC, said: "Breaches are becoming more sophisticated and their impact more damaging. As the average cost of an organisation's worst breach has increased this year, businesses must make sure that the way they are spending their money in the control of cyber threats is effective."


Last year saw a big increase in attacks on smaller companies, as cyber criminals looked to target companies which may not have put in place sufficient security measures to protect themselves or their customers. While small companies continue to face threats, criminals seem to have refocused their attention on large companies, using more sophisticated malware to avoid detection.

While the number of overall breaches may have declined, the number of organisations that reported a serious breach has gone up, especially amongst smaller companies, and this figure is at an all-time high for both large and small organisations.

The survey recorded three main attack vectors for these serious breaches - malware infections, confidential data loss and outsider attack - which make up the vast majority of serious attacks.

Another major problem for companies continues to be their own staff, with 31% of the worst security breaches caused by inadvertent human error within a company, while a further 20% were caused by staff purposefully undermining their own company's security.