With the number of internet users in the UK growing every year, businesses are having to make a continual transition into the cyber age to meet the demands of a digitally dependent society. However, as businesses embrace this evolution, so does crime.

There are around 65,000 attempts to hack small-to-medium businesses in the UK daily. If successful, these cyber breaches are highly costly to a business – and with the arrival of the COVID-19 pandemic, the surface area and impact of a cyber-attack has expanded.


The easiest way to grasp the concept of the cost of cyber-breaches in the UK is to simply lay out the statistics.

According to a report carried out by DETICA, in partnership with the Office of Cyber Security and Information Assurance in the Cabinet Office, the cost of cyber-crime to the UK is £27bn per year, with £9.2bn of this coming from the theft of IP from UK businesses. These estimates are also thought to be somewhat of a best-case-scenario.

Another cyber-security study, undertaken by IPS Beaming, found that 25% of UK businesses were targeted by cyber-criminals in 2019, with the most-at-risk group being large companies with at least 250 employees.

The cost of a cyber-breach grows exponentially with the size of the business. On average, the cost of a cyber breach can be £3.9m for a small company, £12m for a medium-sized company, and £940m for a large company – again, these averages are best-case scenarios. In a worst-case scenario, the average cost of a cyber breach for a medium to large-sized business can be upwards of £1420m.

The cost of a cyber-breach also varies between the different business sectors – with healthcare, pharmaceutical, and bio-technology being the hardest hit financially by IP theft.


Detection Costs

It’s estimated that most companies are unaware that they are victims of a cyber-breach; and the longer it takes to detect a cyber-breach, the higher the repair cost. It can take some business up to 200 days to detect a breach, but if a company can respond to the incident in under this time, they can save up to £750,000 on costs.

Advanced Detection and Response solutions constantly gather forensic-level data from the endpoints, networks, and cloud services. By leveraging Machine Learning, these systems can analyse the information, looking for malicious behaviour or abnormalities and flag them for experienced cybersecurity professionals to investigate further. Top-end solutions will go as far as sandboxing processes, isolating endpoints from the network, and rolling back malicious activity. All of this helps to drastically reduce the time it takes to detect malicious activity on the network.

Remediation Costs

Once the breach is detected, remediation efforts and their associated costs are factored in, such as: securing the network, crisis management, audits, and investigations. The costs associated are not just in-house man hours, but also the expense of third party specialists, and if required, any technology investments that need to be made.

To begin the remediation process, you need to understand the extent of what has happened and how it took place before you can put a solution in place to ensure it doesn’t happen again. Reviewing logs on devices through the network will give you an idea of what has occurred, if you have a SIEM solution in place, this will allow you to correlate log events across multiple devices and build a picture of the event and how it occurred. A correctly set up SIEM tool will also have the capability to detect and alert on these types of behaviors as they unfold, reducing detection time.

Operational Costs

During a cyber-breach, some companies may have to completely halt their operations, causing a direct impact of output and loss of revenue. For many organisations, it will be the interruption to normal business operations that cause the biggest impact. When you have to dedicate internal resources to remediation actions, they can’t carry on their normal job role. When daily business operations are impacted, a drop in overall business efficiency and productivity is to be expected, and this could continue throughout the remediation process, possibly even longer.

Reputational Costs

44% of consumers in the UK say that they won’t spend money on a company while it’s the victim of a cyber breach. Coupled with this is the risk that stock prices may drop rapidly if a company is undergoing a halt in business.

This impact is difficult to measure, but again, a cost for the man hours invested in managing the reputational impact need to be accounted for. Alongside this, a company will have to take into account any costs associated with the communications and marketing effort that will be required to support the business and its message during and post breach will need to be considered.

Legal Issues

In an extreme example, British Airways experienced a huge cyber-breach in 2018 that affected over 400,000 customers. Names, addresses, and payment details were obtained due to the rather poor security measures put in place by the large company.

For their failure in protecting the personal and financial details of their customers, the airline was fined £20m by the Information Commissioner’s Office (ICO). 

On the matter, Information Commissioner Elizabeth Denham had this to say:

“People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure. Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine – our biggest to date.”


From viewing these statistics, and discussing the factors behind the cost of a cyber-breach, we can see that the cost of a cyber-breach in your business depends on the extent your business is affected by each of the aforementioned individual factors, such as:

  • The size of your business
  • The sector you operate in
  • The time to detection.
  • The extent of the breach.
  • Remediation costs (Including man-hours, hardware, and 3rd party).
  • Reputational loss (Immediately & time spent recovering)
  • Operational loss.
  • Legal fines.

The most effective way to mitigate the costs of a breach is to prevent the length of the cyber-breach, by having measures in place that detect the breach as earlier as possible – or, by preventing an attack altogether.

Overall, set to a backdrop of ever-growing uncertainty and digital complexity, now more than ever, business owners should really be asking themselves how much a cyber-breach could cost them.


Your trusted source for innovation, technology insights, and market trend analysis.

Why Choose NCL?

For over a decade, we’ve developed a strong reputation amongst our customers and partners for consistently delivering services which help businesses perform optimally and securely. This is why the relationships we’ve developed over the years have become long-standing and deeply trusted.

We’re very proud to have provided continuous IT support to the MoD for over 12 years. This length of service is a testament to the trust the MoD place in our people to deliver results, time and time again. Today, we provide situational awareness of the MoD’s globally-deployed application performance while assisting in troubleshooting issues and collaborating with other delivery partners to solve problems faster.

The lessons we’ve learned in Defence are applied to our engagements with customers in the enterprise sector too, ensuring robust network and cyber management for medium to large scale organisations. We use our long-standing experience in end-to-end performance management as a foundation for all of our services, so we can better define a customer’s complete requirements and deliver a more effective solution, whatever the field of technology. Offering market-leading technology and trusted managed services from ‘Floodlight’ - our own UK sovereign SOC, we work closely with customers in Driving Digital Vigilance across industry sectors.

NCL ‘Industry Insights’ Monthly Newsletter

The NCL monthly newsletter will provide a concise roundup of all the need to know information for IT teams and leaders.