Research has been published today showing that FTSE organisations lose, on an average, £120 million more from data breaches.
Conducted by Oxford Economics and commissioned by cyber security experts CGI, the research also found that it also leads to a permanent fall in share prices.
An average of 1.8 per cent is wiped off share prices of all listed companies following cyber attacks and data breaches.
The finding is no surprise as even though, according to the same Gemalto Security Breach Report (that CGI & Oxford Economics based their research on), while the number of breaches has fallen, the amount of data collected has gone up by 1000 percent.
Wonga data breach: What it means for the cyber security industry
For the report, Oxford Economics examined 315 breach events with a focus on 65 ‘severe’ and ‘catastrophic’ breaches that have taken place since 2013 across seven global stock exchanges. They found that the monetary loss to investors was actually quite severe- to the tune of at least £42bn. They also found that the sector that fared the worst was healthcare, although criminals usually target companies who have financial records on their books. ‘Companies that perform financial transactions tend to be targeted because of the potential for cyber criminals to make money out of them,” Dr Andrew Rogoyski, vice president of cyber security services at CGI UK, told The Independent.
‘Healthcare is an example of a sector that suffers a large number of breaches but isn’t necessarily targeted, because there aren’t many ways to monetise attacks on health companies, yet.” he added.
The Financial Services Authority has reclassified cyber security to the top of the pile as far as priorities go. ‘What we will be looking for is a ‘security culture’ in firms of all sizes – from the Board down to every employee. Cyber is not just an IT issue, but covers people, processes and technology. The key is: good governance, identification and protection of key assets, detection, response and recovery and information sharing, with the regulator and other parties,’ said Nausicaa Delfas, Director of Specialist Supervision, FSA at a recent event.
A slap on the wrist fine by the ICO is least of their worries and Jon Fielding, Managing Director of Apricorn in EMEA says: ‘Organisations should analyse the data they house and remove anything identified as unnecessary. They will also need to document exactly how data is processed, stored, retrieved and deleted through its lifecycle to pinpoint where data may be unprotected and/or at risk. This thorough analysis will then enable them to identify technologies, policies and processes that can remedy any shortcomings.’
While the list is growing with the recent Wonga data breach and the Talk Talk, Yahoo and Tesco Bank still fresh in memory, it would seem the understanding of the gravity of the situation is still lost to majority of business owners.