The average cost of a data breach for a UK organisation has risen to over £2m, with human error responsible for the vast majority of cases.
That's according to a new report, the 2013 Cost of Data Breach Study, by internet security firm Symantec and the Ponemon Institute.
For the sixth consecutive year, the cost of lost or stolen information has continued to rise, with the average organisational cost to a business suffering a data breach now £2.04m, up from £1.75m in the previous year.
Negligence continues to be the most common cause of data loss, as employees either lose devices containing confidential information or fail to secure data in the first place.
However, it's malicious attacks that are the most costly form of data breach, with criminal attacks as a cause of data loss rising to become the key factor in 34 per cent of cases, according to the report.
The Cost of Data Breach Study also claims that fewer customers of businesses that have suffered information loss are remaining loyal to that organisation, with data breaches causing individuals to take their custom elsewhere. Types of organisations affected the most by data breaches include those in the financial, pharmaceuticals and communications industries.
According to Symantec, the best way to prevent a data breach is to train employees to be more careful with data and more aware of the risks associated with losing it.
"With more than a third of UK data breaches involving negligent employees or contractors the ‘human factor' is still the weakest link, and so training and awareness should be a priority from the outset," said Mike Smart, product and solutions manager at Symantec, who also warned against the rise in criminal attacks.
"But here in the UK it seems that malicious attacks are becoming nearly as big a problem. Not only have more data breaches been down to malicious attacks, but when it does happen, it's far more costly.
"The report has shown that there are certain factors that influence the cost of a breach so there are things businesses can do in advance to reduce the impact on the organisation; from educating and training employees on how to handle confidential information, to having a proper incident response plan in place," he added.
