Data security incidents cost the average UK company £550,000 to fix – each time

Data protection and cyber security issues are not currently the most expensive business risk faced by mid-sized companies, but according to research from KPMG Enterprise, they’re still pretty costly.

Each incident is estimated to cost £550,000 to address, representing £63m paid out last year by leaders of the 222 companies surveyed.

Ben McDonald, partner at KPMG Enterprise, warned that ‘whaling’, where fake emails pretending to be from a supplier are sent to senior execs, is “massively on the increase”.

Snapchat was famously hit earlier this year by a scam email that claimed to be from its own chief exec Evan Spiegel and asked finance staff for payroll information.

“Don’t assume that if you are hit, your cyber insurance will automatically pay out,” McDonald said. “Check the small print.”

The most significant risks reported by the companies surveyed for the Enterprise Barometer, all of which KPMG says are “within their control” to deal with, were those associated with the loss of a key customer, supplier or staff member.

The total cost of these risky business strategies to companies with a turnover of between £10m and £500m across the UK was estimated to be £48bn in 2015, just over 5 per cent of total revenues each.