The average total cost of a data breach now exceeds £3m, according to the latest Cost of a Data Breach Report.

The annual report, published by IBM in conjunction with research provided by the Ponemon Institute, highlights an increased risk to small businesses and a severe need for IT awareness training.

Cost of a Data Breach: Key Findings

- Average total cost of a data breach
- Costs mitigated as a result of a Business Continuity & Disaster Recovery Plan
- Lost business is the biggest contributor to the cost of a data breach
- £157 (enterprise) vs £2,724 (SME): the cost per head of a data breach for a large business and an SME
- Malicious attacks are the most common cause of a data breach
- The likelihood of suffering a data breach in 2019
- 279 days: the average time to identify and contain a data breach

What does this mean for you?

The immediate takeaway from the report is that there is almost a 1 in 3 chance of suffering a data breach in 2019, and that the overall average cost (per incident) is over £3m.

The total cost of a data breach is determined by four key cost components: Detection & escalation; Notification; Post data breach response; and Lost business.

How well your business handles each of these components determines how costly a data breach would be for it.

Detection and escalation
Activities that enable a business to detect a breach and report it to the appropriate personnel within a specified time period.

Notification
Activities that enable the business to notify individuals that their data has been compromised, including meeting regulatory requirements and engaging external advice if necessary.

Post data breach response
Processes set up to assist individuals or businesses affected by the breach, including increased inbound communications, reparations to victims and regulators, and associated legal expenditure.

Lost business
The cost associated with business disruption and revenue losses as a result of downtime, loss of both existing and new customers, and damage to reputation.

However, the costs of a data breach can continue long into the future, especially since the introduction of GDPR. This regulation holds data controllers (any business that holds personal data) responsible for the secure and responsible storage of that personal data.

And the penalties aren’t small, as Google found out earlier this year. Fines can be issued of up to €20,000,000 or 4% of global annual turnover (whichever is greater). But you also have to consider the impact of a data breach on your business’s reputation.

GDPR penalties aside, people need to know that their data is secure, and if it isn’t, you’re probably going to be passed over in favour of a competitor.

Next Steps: How to Mitigate Against a Data Breach

So, with all of this in mind, how do you prevent a data breach?

The short version is that you need a robust cyber security plan that includes regular testing and in-depth IT awareness training.

Why? Let’s look at the key factors involved in a breach:

Firstly, 51% of data breaches come as a result of a sophisticated malware attack. Such an attack could reach your business in a variety of forms, including network-borne attacks and malicious phishing emails.

With this in mind, you need to ensure that your network security is up to scratch, and if you’re not sure, bring in an IT consultant to analyse your existing setup.

System glitches (25%) and human error (24%) account for the remaining root causes of a data breach. Both of these scenarios can be prevented through the delivery of robust IT awareness training.

System glitches can happen, but they’re far less likely if your business has a healthy IT culture. This includes regular patching of software and devices, and regular testing of cyber security solutions to ensure they are working as intended.

Human error, a prominent feature in the more costly phishing scams, often comes down to a lack of IT awareness or education. If staff are unaware of what to look out for, they cannot be vigilant for potentially malicious content. IT awareness training can therefore instil best practices and give your team the ability to act with confidence online.

How Business Continuity Planning Can Help

So, you’ve put your cyber security measures in place and your staff are drilled in all the best practices. You’re fully secured against a data breach, right?

Not quite.

Sometimes accidents just happen, and you can’t always account for these circumstances.

What your business must have, regardless of size, is a fully comprehensive Business Continuity & Disaster Recovery (BCDR) Plan. Whilst this cannot change the fact that data has been breached, a response plan enables you to deal with the fallout more efficiently.

For example, if you suffer downtime as a result of the data breach, what is your plan to get your business systems back up and running? Without access to your CRM, how are you going to meet your regulatory requirements by contacting your customers to inform them of the data breach?

The longer the downtime, the more revenue lost – and this includes new business, as well as your existing customers. In fact, at 36% of the total, lost business is the largest contributor to the cost of a data breach.

Companies with business continuity management in place were able to reduce their overall cost by £216,000, whereas incident response planning saved as much as £925,000, according to IBM’s latest report.

This can be the difference between survival and failure, so if you’re yet to deploy a BCDR plan, it’s highly recommended that you start now.

To speak to Neuways about the topics addressed in this report, email us at
or call us on 01283 753 333.