IBM report shows rise in cost of UK data breaches to £2.7m

According to IBM’s 2018 Cost of a Data Breach Study, the average cost of a data breach in the UK has risen by 8% over the past year to £2.7 million, although this is still lower than the global average of £3 million ($3.9m).

US companies experienced the highest cost of a data breach at £6 million, closely followed by the Middle East at £4 million.

Key findings

The report also found that:

  • The average time to identify a breach has fallen to 163 days (down 5); and
  • The average time to contain a breach has fallen to 64 days (down 3).

Reducing these times is important because the longer a breach goes undetected, the more damage can be incurred, and the more expensive it could be to rectify.

  • Malicious outsiders were responsible for half of all breaches.
  • 26% of incidents were the result of human error, and system failures accounted for the remaining 24%.

Although it is quicker to identify human error and system failures, these threats are preventable and highlight the importance of staff training and IT monitoring systems.

When dealing with confidential and sensitive information, employees need to be aware of internal security policies and procedures, as well as information security best practice. Human error and lack of employee awareness are growing concerns and staff need to be aware of the risks that they could unintentionally inflict on their employer. After all, any data breach could incur fines and reputational damage.

Educate your staff

No matter how prepared an organisation thinks it is, its employees will always be a wildcard. Employees’ tendency to expose data, their inability to create safe passwords and other similar weaknesses mean that organisations must help them follow best practice as much as possible.

Rolling out comprehensive staff awareness training will give employees a clear understanding of their compliance requirements, your organisation’s security policies and procedures, and information security best practice. Even basic training has the potential to prevent security incidents.

E-learning courses can help increase employee awareness cost-effectively and with minimal disruption. Course topics include the EU GDPR (General Data Protection Regulation), ISO 27001 and information security.

Find out more about e-learning >>


  • Luke Irwin

    Luke Irwin is a writer for IT Governance. He has a master’s degree in Critical Theory and Cultural Studies, specialising in aesthetics and technology..