The cost, scale and number of security breaches have nearly doubled in the past year.
According to the government's 2015 Information Security Breaches survey conducted by PwC, the average cost of the worst breaches at large UK organisations is between £1.4m and £3.14m.
This represents an increase of 233% to 237% from a year ago, with the cost of breaches for small businesses averaging between £75,000 and £311,000 - up by between 115% and 270% from 2014.
According to the report, which was released at Infosecurity Europe 2015 in London, there has been a large increase in the number of organisations being breached.
90% of large organisations reported breaches, which is up from 81% a year ago and 74% of small organisations said they had been breached, up from 60% in 2014.
The majority of UK businesses that were polled in the report will continue to increase in the coming year. They survey showed 59% of respondents expect to see more security incidents.
Businesses of all sizes expect to continue experiencing external attacks, with the survey revealing a slow change in the character of these attacks.
With malicious software impacting nearly 75% of large organisations and 60% of small organisations, both large and small organisations appear subject to greater targeting by outsiders.
The survey also featured staff-related incidents, with nearly 75% of large organisations suffering a staff-related breach, which is up from 58% a year ago and nearly a third of small organisations up from 22% in 2014.
When questioned about their worst breach, half of the organisations involved in the survey said the cause was down to inadvertent human error, which is up from 31% a year ago.
The survey also revealed that 21% of respondents have not briefed their board in the past year, while 14% said they had never briefed their organisation on security risks. Only 26% of organisations stated that responsibility for ensuring data is protected is very clear, while 33% said it was not clear.
The survey uncovered that nearly a third of organisations have not conducted any form of security assessment, up from 20% a year ago. According to the report this reverses the trend of the past two years and raises the question whether businesses have the required skills or experience.
Return to internet news headlines
View Internet News Archive