UK data breach costs soar to £3.58m

The average cost of a data breach in the UK rose to £3.58 million between March 2023 and February 2024, marking a 5% increase from the previous year and reversing a previous decline. Financial services experienced the highest costs, followed by professional services and technology sectors, each averaging over £5.4 million per breach.

The 19th annual IBM Cost of a Data Breach report highlights the growing disruption and collateral damage caused by cyber attacks. Increased costs are largely due to lost business and post-breach responses, with recovery taking over 100 days for the minority (12%) who manage it.

Additional cost drivers include regulatory fines, impacts on IoT or operational technology, and supply chain issues. “In a landscape marked by increasing cyber threats, this year’s report highlights critical vulnerabilities and strategic opportunities,” said Martin Borrett, technical director of IBM Security for the UK and Ireland.

“Security AI and automation are effective in supporting team efforts to identify and accelerate incident response, helping UK companies reduce both breach expenses and business impact. Robust, AI-driven security measures are essential, and addressing regulatory non-compliance and IoT vulnerabilities remains crucial.”

The report also revealed that stolen credentials were the leading cause of breaches, costing £4.27 million on average, followed by phishing and business email compromise. Breaches caused by malicious insiders were the most expensive, averaging £4.36 million.

The Zscaler ThreatLabz unit reported a record $75 million ransom payment to the Dark Angels ransomware group, warning that such high payments will likely inspire similar attacks, increasing overall costs.

Globally, severe security staffing shortages contributed to higher breach costs. “The IBM 2024 Cost of a data breach report underscores the urgent need for businesses to invest in robust security measures, including AI-powered prevention and automation technologies,” said TechUK chief operating officer and markets director Matthew Evans.

Achi Lewis, Area VP EMEA for Absolute Security, commented: “Having the right cyber resilience posture in place to prevent, respond and recover from cyber threats continues to remain more cost-effective than suffering a major breach. With the right technology systems and protocols in place, organisations can mitigate the severity of breaches and limit downtime, reducing the high financial, legal and reputational costs of data loss.

“Ransomware, especially, can wreak havoc against any organisation. In fact, our research highlighted that 69 per cent of CISOs claim the financial repercussions of a successful ransomware attack could cripple their organisations. It is therefore essential that organisations have robust cyber resilience policies in place, providing real-time monitoring and alerts across a network on all devices and applications to detect and report suspicious activity. With ransomware payments on the rise, it’s a timely reminder that cyber preparedness can save millions.”