Contact Support

If you are an existing client to get support call us on:

+44 (0)1483 412 042


Login to the portal

Support portal

If you've been given a 6-digit support code

click here

Not an existing customer?

Contact us

What’s the average cost of a cybersecurity data breach?

This is a question that I’m often asked to comment on and the reality is that it’s a figure that most people underestimate.

Accenture report that the cost for an Enterprise is somewhere between £600,000 and £1,115,000 but according to the Cyber Intelligence Research Group, 70% of all cyber-attacks are aimed at small businesses who typically have less security in place than their corporate counterparts (and are therefore easier targets). The UK Government’s figures report the average cost of a data breach for an SME at £310,000 per incident.

It’s interesting by comparison that in a recent Experian survey, they found that SME business owners estimated the cost to be circa £180,000 which is a big difference. I think one of the issues with sizing the expense of a data breach is that it depends what costs are being measured.

What is known, is that all the different reports are showing 100% ongoing annual increases in their figures, which is a major issue for the board of any sized business.

I’m also clear that the costs are only going to increase and in my experience businesses of all sizes are ill prepared for this.

Spear Phishing aimed at the board (otherwise known as Whaling or CEO Cybercrime) is rife. There is a successful attack every 15 minutes in the UK. This shows that current levels of cyber awareness within businesses are inadequate. The GDPR regulations which became law in May 2018 brought with them the expectation that staff are regularly and effectively educated, and it is something that the Information Commissioner expects to see as a sign that the organisation is taking the security of their client’s data seriously.

Cifa’s annual report Fraudscape released in April 2018 showed that identity fraud is rising and 80% of all fraudulent applications are made on-line. Someone has their identity stolen online every 3 seconds!

This increased level of online crime and growth in data breaches will attract fines from the ICO under GDPR and this will only increase the costs to SME’s.

According to insurers Zurich over 875,000 small, and medium sized businesses (SME’s) across the UK suffered a cyber-attack in the last 12 months and whilst many had claims of more than £50,000, the average SME is only spending £1,000 per year on cyber defences. Obviously, there is a mismatch here and I am hopeful that the GDPR regulations will force businesses to revaluate the importance of getting these defences and the education around this, proportionate to the very real risk.

A study in 2017 by Oxford Economics found that public companies’ shares fell an average of 1.8% on a permanent basis follow a serious breach and Lloyds of London claimed that a major cyberattack such as Wannacry that infamously crippled the NHS, could trigger average economic losses of £41bn which is akin to that of a natural disaster.

Cyber-attacks or data-breaches can impact sales, customer relations, market reputation and ultimately a business’s bottom line. These are all intangible costs in addition to the very real costs of legal services, regulatory fines, cyber consultants, new hardware software, training etc.

If you lived in a nice house in a high crime area you wouldn’t question investing in appropriate security and relevant insurance, many don’t do that until after their first break-in when it’s too late. When it comes to your business and to cybersecurity I urge you to give appropriate consideration and proportionate budget to the very real risk that you cannot avoid in today’s connected world.

Rob May is our Managing Director and is also a renowned cybersecurity expert. He is the Ambassador for Cybersecurity for the Institute of Directors in the South of England. He is a successful TEDx speaker, published author and international keynote speaker on the subject.

Download our eguide - Cybersecurity: the basics
Registration No. 26980136
Terms and Conditions | Privacy Notice
Richard Renson
Richard Renson
16:54 10 Dec 18
Great, helpful IT Kings and Queens
Andrew Worth
Andrew Worth
12:37 30 Aug 18
fine bunch
Colin Warner
Colin Warner
08:46 06 Dec 17
Excellent managed service provider.
Selom B
Selom B
11:58 10 Dec 16
First Class!! Responsive, knowledgeable, professional and very easy to work with - Ramsac have been a fantastic strategic IT partner for the last few years and I'm sure will continue to be for many years going forward. I would highly recommend them!
Patrick O'Luanaigh
Patrick O'Luanaigh
10:55 01 Jul 16
A truly fantastic IT support company - I can't speak highly enough about them.
Sarah Whitemore
Sarah Whitemore
11:59 20 Jun 16
I have known Dan May and Ramsac for 5 or 6 years now. Dan is such a great guy and really helpful with strategic advice and input on all things IT. He's so approachable and doesn't baffle you with IT jargon. If you are looking to outsource your IT or you have a problem you need help with Dan is definitely the one to ask.
Jonathan Richards
Jonathan Richards
12:14 31 May 16
I've worked with Ramsac for many years and whole heartedly recommend their services. They are always professional, approachable and have the rare skill of making IT understandable. Their can do attitude leaves you feeling that you are in safe hands.
See All Reviews
© 2019 ramsac. All rights reserved.