The cost of cybercrime to businesses has doubled to more than £10bn over the past two years, research to be released today will reveal.
The survey by professional services firm PwC reveals that 92% of businesses have experienced security incidents over the past year ranging from hacking attacks to accidental leaks of data.
Each incident costs businesses between £280,000 and £690,000 to remedy - a significant increase from £90,000-£170,000 in 2008.
The survey shows that cybercrime is increasing again after reaching a peak in 2004 and declining in 2008.
The growth in incidents reflects the growing reliance businesses have on computer systems and the internet, PwC said. The rise of cloud computing has also left more businesses exposed to cyber-risks.
Some 61% of large companies said they had detected attempts to break in to their systems, up from 31% two years ago. One in six said an intruder had managed to get through their defences.
Large companies are dealing with an average of 45 incidents a year, up from 15 two years ago, the research reveals. Smaller businesses averaged 11 breaches a year with their worst incident costing upto £55,000, an average of £20,000 per incident.
PwC partner Chris Potter said that half the organisations questioned had increased their spending on IT security in the past year and the majorty were actively assessing their information risks, compared to just under half two years ago.
“However, this focus is not translating into fewer breaches of security; in fact, the number has risen to well over double what it was two years ago and has reached record levels for all sizes of organisation. All types of breach were on the increase and a conservative estimate is that the total cost of breaches to UK businesses in billions of pounds is now into double figures.”
The survey reveals that the loss of confidential data is a major concern for businesses. Among large organisations, 46% said staff had lost or leaked confidential data, and 45% of the confidentiality breaches were very or extremely serious.
Most organisations were pessimistic about the future, with 56% of large organisations and 43% of smaller organisations expecing more incidents next year.
Incidents affecting large businesses in the past year:
- 62% infected by a virus or malicious software (up from 21% in 2008)
- 61% have detected a significant attempt to breaking into their network (up from 31% in 2008)
- 15% have detected unauthorised intrudesr in their networks (up from 31% in 2008)
- 25% have suffered a denial of service attack (up from 11% in 2008)