Rising cybercrime is a growing cost to UK business, but it could also provide a boost to the UK economy.
According to Rt Hon David Willetts, MP, Minister for Universities and Science, the UK is well-placed to create an export market in cybersecurity skills and technology.
Coming on the back of a planned investment by the government, which is expected to reach £860m by 2016, the UK is not just a safe place to do business but also a good base for cybersecurity firms, Willetts suggested. "There is an opportunity to grow cybersecurity, as part of the UK economy," he said. The government hopes that the sector will create exports valued at £2bn by 2016.
Increasing spending on cybersecurity comes at a time when the UK economy is increasingly dependent on the internet. Online services now account for eight per cent of GDP, according to Willetts. "We need to maintain confidence in doing business online," he said.
The Minister also pointed to the results of the latest PwC/Department of Business, Innovation and Skills information security breaches survey, which was unveiled at Infosecurity Europe 2014.
The survey found that the cost of security breaches continues to rise, especially for small businesses. The average cost of a data breach for smaller firms is now between £3,500 and £7,000, a ten-fold increase on 2013, according to PwC.
For large businesses, the average cost of their worst security breach is between £450,000 and £850,000. For smaller firms, their worst breaches cost between £35,000 and £65,000.
"The majority of organisations expect breaches to increase in the future," warned Richard Horne, partner for cybersecurity at PricewaterhouseCoopers. This comes despite the fact that companies are becoming better at "managing the noise" generated by low-level security attacks. "Serious incidents are getting through," he said.
PwC found that the majority of serious data breaches involved a malware infection, the loss of confidential data, or an outsider attack. But the firm's survey showed a switch away from overt breach attempts to stealth attacks that remain undetected, and extract information from the victims' IT systems. "We have seen organisations with up to date antivirus systems, and the technology does not protect them," said Chris Potter, partner in risk and assurance at PwC.
But organisations also need to look at the role of their own staff in protecting ITR systems, he warned. Effective policies and user education remain important, even in the face of growing external threats.
"Staff still play a key role in security breaches," he said. "As many as 31 per cent of the worst security breaches were caused by human error, and a further 20 per cent by deliberate misuse."