UK companies are being dealt a double financial blow as they attempt to protect their businesses against online attacks.
A new study commissioned by the Department for Business, Innovation and Skills found that firms were spending more to ward off the threat of their servers being compromised by hackers.
In addition, the costs associated with a significant cyber security breach have also soared for the third consecutive year and can now top £1 million for larger organisations.
The research – compiled by accountants PwC – found that for small firms the average cost of a worst-case breach was between £65,000 and £115,000.
Overall, 81% of large concerns with more than 250 employees reported an online security breach over the past year while 60% of small businesses with fewer than 50 staff said they had suffered at least one issue in the period.
Both figures are down on 2013 when 86% of large firms and 64% of small firms reported problems, but the report’s authors found that costs arising from cyber security issues had increased.
Rob MacGregor, cyber security specialist at PwC in Scotland, said many companies were still not doing enough to protect their interests online.
“Despite the number of breaches impacting UK business falling slightly in the last year, the number remains high and in many organisations there needs to be more done to drive actual management of security risks,” Mr MacGregor said.
“This year the average cost of an organisation’s worst breach has increased.
“They must ensure that the way they are spending their money in the control of cyber threats is effective.
“As high end breaches become more damaging and sophisticated, boards need to be reviewing threats and vulnerabilities on a regular basis.
“Organisations also need to develop the skills and capability to understand the risk, how it could impact their organisation and what the appropriate strategic response should be.”
The survey found that UK companies experienced five main security breaches per year, with the average small firm experiencing some form of cyber attack or breach every eight weeks.
Not all problems came from outwith an organisation, with staff-related breaches – whether caused through ignorance, human error or malice – accounting for 58% of threats to larger organisations and 22% of breaches at small companies. Again, those figures dropped during the year from 73% for larger businesses and 41% for small.
The survey also reported that a majority of companies which had suffered staff-related breaches admitted having a poor understanding of their own online security policy – a finding which suggests that investment in ongoing awareness training could result in fewer problems.
David Willetts, universities and science minister, said more needed to be done to stop businesses and educational institutions from having their digital operations compromised.
“These results show that UK companies are still under cyber-attack,” Mr Willetts said.
“Increasingly those that can manage cyber security risks have a clear competitive advantage.
“Through the National Cyber Security Programme, the government is working with partners in business, academia and the education and skills sectors to equip the UK with the professional and technical skills we need for long-term economic growth.”