Follow NCC Group Newsroom

The cost of a data breach: revisited

News   •   Apr 30, 2020 15:47 BST

Shutterstock: Royalty-free stock vector ID: 720224404

In 2018, NCC Group released the ‘The Economics of Defensive Security’ whitepaper, which delved into the economic impact of cyber-attacks against the cost of defences. At the time, we found that larger businesses faced a trade-off between cyber security measures and data breach costs.

Two years on, there have been a number of changes to law that affect the cost of data breaches, including the introduction of the General Data Protection Regulation (GDPR) in May 2018.

With this changing regulatory landscape in mind, we’ve released an updated version of the whitepaper which revaluates our previous research in the context of new risks and GDPR.

The cost of data breaches in 2020

Drawing on figures from the Department for Digital, Culture, Media and Sport Cyber Security Breaches Survey and the Ponemon Institute, the analysis has found that while the costs of data breaches has increased overall, the annual number of data breaches has fallen, and that there has been a drop in the average cost per record for a data breach – from £120 to £116 per record.

This is positive news for organisations across the globe, implying that we’re more aware of the threats modern organisations face and the measures that can be implemented to prevent breaches from happening.

This fall might be down to increasing awareness among businesses, following efforts by the government and National Cyber Security Centre (NCSC) to educate businesses and provide practical guidance through several initiatives.

However, there has been an increase in average breach costs for specific sectors, including finance, with healthcare potentially facing breach costs reaching up to £320 million if one million records were exposed. On top of this, we also uncovered significant cost increases for any organisation found guilty of failing to comply with the requirements of GDPR.

While it’s promising to see a small drop in breaches, emphasis should still be on resilience and building proactive security measures that enable detection and containment of breaches as early as possible.

If you’d like to find out more about the cost of data breaches, read the full whitepaper here.