Data breaches cost UK businesses more than ever last year, with most of the financial hit resulting from lost business in the aftermath of an incident, a Ponemon Institute survey for Symantec has found. Data breaches cost UK businesses more than ever last year, with most of the financial hit resulting from lost business in the aftermath of an incident, a Ponemon Institute survey for Symantec has found.The average cost of a data breach for the 38 large businesses surveyed in 2010 Annual Study: UK Cost of a Data Breach was £1.9 million ($3.1 million), a 13 percent rise from 2009, equivalent to about £71 per lost record. Of this sum, 48 percent can be attributed to ‘abnormal customer churn’ – customers that go elsewhere after hearing of the problem – while communicating with customers and resetting records is another 23 percent. Non-commercial organisations such as those in the public sector were found to suffer lower customer costs.The most expensive breach uncovered by the survey cost a company £6.2 million to recover from, while the smallest costing £336,000, with the number of records lost or stolen ranging from 6,900 to 72,000. However representative a snapshot, Symantec and Ponemon describe the breach cost numbers as giving a good idea of what it costs a typical company to deal with large data breaches, defined as between 1,000 and 100,000 records.The report presents the deeper causes of data breaches in a rather convoluted manner (some causes can be related to more than one category), although ‘system breaches’ (security failures inside a company) are named as the top cause with a frequency of 37 percent of incidents, with third parties and negligence accounting for 34 percent each. Malicious and criminal attacks account for 29 percent, but these are not surprisingly the most expensive to clear up at £80 per record.“We continue to see an increase in the costs to businesses suffering a data breach,” said Ponemon Institute founder, Dr. Larry Ponemon. “Regulators are cracking down to ensure organisations implement required data security controls or face harsher penalties. Confronted with both malicious and non-malicious threats from inside and outside the organisation, companies must proactively implement policies and technologies to mitigate the risk of costly breaches.” Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe