Close this search box.

Cyber attack fines cost UK firms an average of £250,000


Six in ten UK businesses faced at least one cyber related data breach fine in the past year with financial info the most popular target.

UK businesses received, on average, £237,402 worth of fines following cyber related data breaches or violation of data protection rules in the last 12 months according to new research by

Data breaches were the second most reported cyber security incident (36%) facing businesses after phishing attacks (39 per cent). Respondents listed financial data as the most likely type of data to be compromised (50 per cent) followed by customer data (48 per cent) and employee data (42 per cent).

This was one of several findings in’s latest State of Information Security report which surveyed 500 information security (infosec) professionals in the UK, comprising managers, directors, and C-level executives.

According to the survey, businesses respond to cyber incidents by increasing information security budgets and team sizes. However, in many cases this is too late with businesses facing heavy financial penalties following an attack, not to mention the immeasurable reputational damage a breach can cause.

Despite 90 per cent of infosec leaders agreeing that leadership teams view strong information security as a top priority, only two thirds (64 per cent) expect to increase their infosec budgets in the next 12 months and just over half (54 per cent) intend to bolster their teams.

However a significant cohort (39 per cent) listed budget constraints as their top challenge signifying that many infosec leaders don’t think planned budget increases will go far enough.

Luke Dash, CEO of, said: “The potential impact of breaches can be crippling for businesses with the average fine nearing a quarter of a million pounds. We see time and time again companies unaware of the potential impact fines could have on them, let alone the threat to reputation and customer loyalty.

“Budgets are tight and businesses in the UK are facing rising costs across the board but not investing in key areas to do with cyber security is a false economy. Investing in infosec not only protects information assets but also builds trust, wins business, and highlights efficiencies that make a measurable difference to an organisation’s bottom line. In other words, good information security practices are good for business.”

CTS The industrialisation of IT
CTS - Industrialisation of IT
Related Posts
CTS The industrialisation of IT
Others have also viewed

UK businesses see boosting connectivity as integral to growth

Study reveals a great opportunity for alternative network providers (AltNets) to meet growing demand for ...

Germany Energy Efficiency Act demonstrates importance of data centre supply chain collaboration

Following the signing into law of Germany’s Energy Efficiency Act (EnEfG), energy solutions specialist Aggreko ...

Systemair look to Infor’s cloud solution to deliver more sustainable products

Systemair is moving its core business system to Infor CloudSuite Manufacturing, aiming at smoother integration ...
Data Centre

Vertiv collaborates with Intel on liquid cooled solution

Vertiv is collaborating with Intel to provide a liquid cooling solution that will support the ...