The cost of recovering from of a security breach for UK organisations has been estimated in a new report launched today by NTT Security, the specialised security company of NTT Group. The 2017 Risk:Valuereport, the company’s third annual study of business decision makers’ attitudes to risk and the value of information security to global organisations, reveals that a UK business would have to spend £1.1m ($1.4m) on average to recover from a breach – more than the global average of £1m ($1.3m), which has gone up from the previous report’s $907,000 estimate.
The study of 1,350 non-IT business decision makers across 11 countries, 200 of which are from the UK, also reveals that respondents anticipate it would take, on average, almost three months (80 days) to recover from an attack, almost a week longer than the global average of 74 days. UK respondents also predict a significant impact of their organisation’s revenue, suggesting as much as a 9.5% drop, which fares slightly better than the global average of nearly 10%.
In the UK, business decision makers expect a data breach to cause short-term financial losses, as well as affect the organisation’s long-term ability to do business. More than two-thirds (64%) cite loss of customer confidence, damage to reputation (67%) and financial loss (44%), while one in 10 anticipate staff losses, and 9% expect senior executives to resign following a security incident.
Most telling from the report is that 63% of respondents in the UK ‘agree’ that a data breach is inevitable at some point, up from the previous report’s UK figure of 57%. However, less than half (47%) say that preventing a security attack is a regular board agenda item, suggesting that more still needs to be done for it to be taken seriously at a boardroom level in the UK.