The cost of a data breach: revisited
In 2018, NCC Group released the ‘The Economics of Defensive Security’ whitepaper, which delved into the economic impact of cyber-attacks against the cost of defences. At the time, we found that larger businesses faced a trade-off between cyber security measures and data breach costs.
Two years on, there have been a number of changes to law that affect the cost of data breaches, including the introduction of the General Data Protection Regulation (GDPR) in May 2018.
With this changing regulatory landscape in mind, we’ve released an updated version of the whitepaper which revaluates our previous research in the context of new risks and GDPR.
The cost of data breaches in 2020
Drawing on figures from the Department for Digital, Culture, Media and Sport Cyber Security Breaches Survey and the Ponemon Institute, the analysis has found that while the costs of data breaches has increased overall, the annual number of data breaches has fallen, and that there has been a drop in the average cost per record for a data breach – from £120 to £116 per record.
This is positive news for organisations across the globe, implying that we’re more aware of the threats modern organisations face and the measures that can be implemented to prevent breaches from happening.
This fall might be down to increasing awareness among businesses, following efforts by the government and National Cyber Security Centre (NCSC) to educate businesses and provide practical guidance through several initiatives.
However, there has been an increase in average breach costs for specific sectors, including finance, with healthcare potentially facing breach costs reaching up to £320 million if one million records were exposed. On top of this, we also uncovered significant cost increases for any organisation found guilty of failing to comply with the requirements of GDPR.
While it’s promising to see a small drop in breaches, emphasis should still be on resilience and building proactive security measures that enable detection and containment of breaches as early as possible.
If you’d like to find out more about the cost of data breaches, read the full whitepaper here.
About NCC Group
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore.