Six in ten UK businesses faced at least one cyber related data breach fine in the past year with financial info the most popular target.
UK businesses received, on average, £237,402 worth of fines following cyber related data breaches or violation of data protection rules in the last 12 months according to new research by ISMS.online.
Data breaches were the second most reported cyber security incident (36%) facing businesses after phishing attacks (39 per cent). Respondents listed financial data as the most likely type of data to be compromised (50 per cent) followed by customer data (48 per cent) and employee data (42 per cent).
This was one of several findings in ISMS.online’s latest State of Information Security report which surveyed 500 information security (infosec) professionals in the UK, comprising managers, directors, and C-level executives.
According to the survey, businesses respond to cyber incidents by increasing information security budgets and team sizes. However, in many cases this is too late with businesses facing heavy financial penalties following an attack, not to mention the immeasurable reputational damage a breach can cause.
Despite 90 per cent of infosec leaders agreeing that leadership teams view strong information security as a top priority, only two thirds (64 per cent) expect to increase their infosec budgets in the next 12 months and just over half (54 per cent) intend to bolster their teams.
However a significant cohort (39 per cent) listed budget constraints as their top challenge signifying that many infosec leaders don’t think planned budget increases will go far enough.
Luke Dash, CEO of ISMS.online, said: “The potential impact of breaches can be crippling for businesses with the average fine nearing a quarter of a million pounds. We see time and time again companies unaware of the potential impact fines could have on them, let alone the threat to reputation and customer loyalty.
“Budgets are tight and businesses in the UK are facing rising costs across the board but not investing in key areas to do with cyber security is a false economy. Investing in infosec not only protects information assets but also builds trust, wins business, and highlights efficiencies that make a measurable difference to an organisation’s bottom line. In other words, good information security practices are good for business.”
