Analysis conducted by cybersecurity leader Imperva, Inc. has found that regulatory fines represent less than 6% of data breach costs.
The company analysed UK and worldwide data breaches and found that, despite increasingly strict cybersecurity regulations and fines, inadequate data security is putting the data of millions of individuals at risk - at significant cost to organisations.
This comes in the wake of huge safety concerns from within the industry. Business leaders and company surveys have consistently alluded to an impending “cyber crisis” as a result of a growing skills gap, limited industry knowledge and corporate complacency.
Imperva: the most common cause of breaches in the UK are not cyberattacks
With cyber crime becoming increasingly sophisticated, Imperva analysed nearly 100,000 data breaches reported to the Information Commissioner’s Office (ICO) between April 2019 and December 2022.
Across 33 breaches deemed ‘most notable’ by cyber security professionals responding to the Chartered Institute of Information Security (CIISec), the company found that in the UK alone, the data of more than 200 million individuals was compromised between 2019 and 2022.
Imperva has stated that this is the equivalent of every citizen’s data being stolen at least three times.
On what businesses should be doing to ensure that their cybersecurity measures are good enough to withstand data breaches, Alan Ryan, AVP of UK and Ireland at Imperva, said: “One of the major issues for organisations is actually identifying where all the information is as it is often distributed both onsite and offsite in the cloud and SaaS applications.
“They then need to categorise it, in terms of sensitivity (value to cybercriminals) and then apply the requisite controls such as encryption, user behavioural analytics, access controls etc.”
He continued: “Businesses can dramatically improve their chances of avoiding a major data breach by having monitoring capabilities across all their data repositories, not just those where they keep the sensitive ‘valuable’ information.
“Monitoring ‘low value’ data gives security teams a much greater chance of identifying and stopping attackers before they are ready to exfiltrate the more ‘valuable’ data.”
Using the wrong cybersecurity measures could lead to business downfall
Imperva’s report also found that 32% of breaches reported to the ICO could have been avoided by having better data management and security. The most notable breaches listed cost organisations more than £13.5bn (US$17.37bn), of which global regulatory fines made up less than 6%.
Whilst ICO penalties have increased, Imperva’s report highlights that there is a risk that organisations are still prioritising measures that demonstrate compliance, but do not actually provide proper data security.
Imperva’s investigation also found that the most common causes of breaches in the UK are not cyberattacks. Malicious incidents such as malware, phishing and ransomware accounted for only a third (33%) of breaches reported to the ICO.
Breaches caused by threats from outside the organisation (35% of reported breaches) are less common than those caused by insider threats (40%).
‘Bad actors’ continue to target key infrastructure
The analysis also found that important industries continue to be targeted, with education suffering 17% of the total number of breaches. Healthcare (16%), local government (9%) and finance (9%) followed.
Speaking on the importance of organisations being increasingly mindful of data breaches, Alan Ryan said: “By now, there is no excuse for any company to be ignorant of the damage that a major data breach can cause.
“What these findings show us is that, all too often, regulatory fines are only the tip of the iceberg and can be dwarfed by the collective cost of legal settlements, customer loss, and reputational damage. So, unless they want to continue playing data security Russian roulette, British companies have to put in place proper security measures now.”
“[Imperva’s] role is simply to help customers get a comprehensive data management strategy in place, identify and profile their data assets and repositories, and give them the tools to decide what needs to be done to protect it properly.”
Looking towards the future, Ryan said: “This research shows how GDPR has changed companies’ behaviour and one of the biggest drivers for improved cybersecurity in the next year will be the regulatory push from various governmental organisations - most notably the EU.
“As and when proposed changes, such as NIS2 and the EU Data Act, come into force, organisations are going to have to become more serious about answering key questions like where all their data is stored, who is accessing it, and what is being done with it.”