KPMG: IT failure costs average of £410,000 per incident

15 December 2014

IT system failures are costing businesses an average of £410,000 per incident, concludes consulting firm KPMG in a newly released report. Around 4 million financial accounts are affected per incident, with the average IT firm’s failure affecting 776,000 individuals. A relatively large share of failures could be mitigated, claims the advisory firm, if firms invested in expert management of sensitive systems and in staff training.

Reported incidents
The fact-based research by KPMG, titled ‘Technology Risk Radar’, analysed 10,000 news articles in the one-year period between September 2013 and August 2014. The analysis was carried out with the Astrus analytics infrastructure, which analysed English-language news sources and identified 522 incidents that became part of the final data set. One of the key findings is that more than just the media-hyped cyber-attacks and data breaches cause IT companies to face system outages and IT quality issues, and to incur costs.

Cost of IT Incidents

Broken down by industry, Technology, Media & Telecom is the most affected sector, with 24.6% of the 522 incidents. Government departments came second with 24.2%, and Energy & Natural Resources was the least affected sector with 3.3% of incidents. Consumer Markets & Retail, while incurring a number of high-impact incidents, like the Target hack with a loss of 40 million credit card details, makes up only 7.2% of reported incidents.

Incidents per Sector

Mitigating costs
The research found that over 50% of incidents reported were caused by ‘avoidable’ problems, related to coding errors or failed IT system changes within a company. In total, 7.3% of the incidents could be directly linked to ‘human error’, with mistakes like sending privileged or confidential information to the wrong email address or incorrect data entry.

To mitigate the costs of IT failures, and to improve the risk profiles of businesses that rely heavily on IT and carry high-value information, KPMG recommends that businesses invest in tools and expertise that move risk management into the core of IT departments. Creating the right environment will require “holistic thinking about risk management [which] needs to start from the top and be fully in tune with the organisation's technology requirements.” The firm also recommends investing in staff training to better manage avenues for potential human error.

Jon Dowie, KPMG

“With ever greater complexity in IT systems – not to mention the challenge of implementing IT transformational change – companies are running to stand still in managing their IT risks. The cost of failure is all too clear. It is crucial for both public and private sector organisations to understand the risks associated with IT and how they can be managed, mitigated and avoided,” says Jon Dowie, Partner at KPMG.