Cyber attacks are costing businesses as much as £1.15 million per breach, according to new research from PwC and the UK Department for Business, Innovation and Skills (BIS).
BIS and PwC revealed data breaches are costing small organisations with 50 or fewer employees between £65,000 and £115,000 and large organisations with 250 or more staff between £600,000 and £1.15m, in their latest Information Security Breaches Survey 2014.
The high cost comes during a decrease in reported cyber incidents. The survey showed that 81 percent of large organisations reported suffering a security breach over the past year. The figure is a decrease from the 86 percent figure reported in the 2013 survey. The number of reported SMB breaches also fell from 64 percent to 60 percent over the year.
PwC cyber security director Andrew Miller said the high cost of data breaches is the result of an ongoing lack of security understanding within most businesses. Miller warned the figure will continue to rise until firms of all sizes begin investing more time and money to improve their defences and train staff about cyber best practice.
"Breaches are becoming more sophisticated and their impact more damaging. Given the dynamic nature of the risk, boards need to be reviewing threats and vulnerabilities on a regular basis," he said.
"Organisations also need to develop the skills and capability to understand how the risk could impact their organisation and what strategic response is required."
Miller's comments come during a cyber skills shortage within the UK. The National Audit Office (NAO) estimated that the UK cyber skills gap will last 20 years costing nation £27bn a year in February 2013.
Plugging the skills gap and raising employee awareness about cyber threats has been an ongoing goal of the UK government and its Cyber Security Strategy. The UK government launched the Cyber Security Strategy in 2011.
Since launching, the strategy has seen several information-sharing and education initiatives launch, including the current Cyber Streetwise campaign and creation of the UK's Computer Emergency Response Team (CERT).
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal