Cyber-attacks cost UK businesses over £34bn each year according to a new study from a leading economic analyst. The report also reveals that many CTOs believe the government is not doing enough to help them.
The Centre for Economics and Business Research (CEBR) report claimed that £18bn worth of revenue is lost in cyber incidents each year, while £16bn is spent on IT investments following a breach.
Some 60% of CTO respondents to the survey, sponsored by Veracode, claimed that the government isn’t doing enough to prevent cyber-attacks, while even more (70%) said they thought current security policies block innovation.
The top concerns when it comes to data breaches are costs accrued from forensics and clean-up, legal and other elements, as well as reputation and brand damage.
Corporate IP theft ranked all the way down in sixth place. The report notes that in the US it’s a top-three board priority, with around a third of cybercrime in the UK resulting in theft of intellectual property.
The majority of respondents (88%) said they had increased security spending as a result of a breach, while on a positive note, more than half of CEOs (57%) said they hold themselves accountable for an incident.
“The UK economy is under siege from cyber attackers and the UK government should look to other successful private/public partnerships – such as Swiss banking regulations, German data privacy laws and US breach disclosure laws – as a model of how to improve the situation for us all,” said Adrian Beck, Veracode’s director of enterprise security program management.
“For example, disclosure laws would require firms to report breaches in a timely fashion, thereby protecting consumers from identity theft and encouraging companies to implement best practices when dealing with cybersecurity.”
The report comes in the same week another major report claimed that CISOs face a 38% increase in the cost of managing cybersecurity risk over the next decade.
The 130-page study from the non-profit RAND Corporation revealed that the effectiveness of security tools can drop by as much as 65% over the course of 10 years, making astute investments all the more important.
It recommended security bosses focus on security management, automation and policy enforcement to get the best RoI over that kind of time frame, as well as investing in new staff and training existing employees.
This could reduce the cost of managing risk by 19% in the first year and by as much as 28% by the tenth, the report claimed.