
Malicious insiders and DDoS attacks cost UK business the most

In 2017, the most costly or damaging cyber attacks for UK businesses have been those involving malicious insiders and denial of service, research has revealed.

Attacks involving malicious insiders cost UK businesses an average of £144,501, according to a study by the Ponemon Institute commissioned by professional services firm Accenture.  

Distributed denial of service (DDoS) attacks have been the second most costly type of attack, with an average price tag of £96,668 per incident.

Business disruption and information loss represent the costliest consequences of cyber crime, accounting for 75% of losses in the UK.

The survey of 332 company representatives also revealed that organisations are working harder and spending more time trying to contain malicious code attacks (56.6 days) and malicious insiders (47.6 days), with ransomware being the fastest-growing type of attack, up 25% in the past year.

“This should be a concern to UK businesses when the average ransomware attack could cripple operations for as long as five weeks and the financial consequences of information loss are set to increase with the GDPR [EU General Data Protection Regulation] compliance deadline in May 2018,” said Rick Hemsley, managing director at Accenture Security.

“UK businesses need to get the basics right, such as timely patching of their systems, and ensure they are protecting their most high-value assets from the inside out,” he added.

Other key findings of the survey include that UK companies experience 71 breaches a year on average, costing an average of £6.56m, up 21.2% in the past year, compared with the global average of 130 breaches per company each year.


In the light of the GDPR compliance deadline, it is not surprising that 68% of companies surveyed are deploying advanced identity and access governance systems.

The proportion of companies still investing in advanced perimeter controls remains relatively high at 63%, while 60% are deploying security intelligence systems, followed by “extensive deployment” of encryption technologies (55%) and “extensive use” of data loss prevention (50%).

Surprisingly, only 28% of companies are investing in the deployment of advanced technologies such as automation, orchestration and machine learning, which ranked third highest in terms of cost savings. Security intelligence systems ranked top, followed by advanced identity and access governance.


Security suppliers are increasingly adding these features to their product sets in an attempt to reduce the workloads of information security professionals, enabling them to focus on the more strategic aspects of cyber security.

According to Accenture, organisations should not rely on compliance alone to enhance their cyber defence capabilities.

It recommends that organisations carry out “extreme pressure testing” to identify vulnerabilities, and balance traditional security spending with spending on new technologies, particularly security analytics and artificial intelligence, to enhance the effectiveness of their cyber defences.
