UK businesses received, on average, £237,402 worth of fines following data breaches or violation of data protection rules in the last 12 months according to new research published today by ISMS.online.
Data breaches were the second most reported cybersecurity incident (36%) facing businesses after phishing attacks (39%). Respondents listed financial data as the most likely type of data to be compromised (50%), followed by customer data (48%) and employee data (42%).
This was one of several findings in ISMS.online’s latest State of Information Security report which surveyed 500 information security (infosec) professionals in the UK, comprising managers, directors, and C-level executives.
According to the survey, businesses respond to cyber incidents by increasing information security budgets and team sizes. However, in many cases this is too late with businesses facing heavy financial penalties following an attack, not to mention the immeasurable reputational damage a breach can cause.
Despite 90% of infosec leaders agreeing that leadership teams view strong information security as a top priority, only two thirds (64%) expect to increase their infosec budgets in the next 12 months and just over half (54%) intend to bolster their teams.
However a significant cohort (39%) listed budget constraints as their top challenge signifying that many infosec leaders don’t think planned budget increases will go far enough.
Luke Dash, CEO, ISMS.online, said: “The potential impact of breaches can be crippling for businesses with the average fine nearing a quarter of a million pounds. We see time and time again companies unaware of the potential impact fines could have on them, let alone the threat to reputation and customer loyalty.
“Budgets are tight and businesses in the UK are facing rising costs across the board but not investing in key areas to do with cyber security is a false economy. Investing in infosec not only protects information assets but also builds trust, wins business, and highlights efficiencies that make a measurable difference to an organisation’s bottom line. In other words, good information security practices are good for business.”