When organizations think of information security, they don’t necessarily think of business continuity management (BCM) as being a part of it.  Some security executives think the same, and this is a grave assumption.  BCM affects your information security, and a study by the Ponemon Institute shows exactly how.

 

Even though a BCM program doesn’t focus on an organization’s environment to find vulnerabilities, it looks at how to prepare for disruption, which includes data breaches.  As any business knows, data breaches come with a cost, and BCM can reduce those costs.  A BCM program can also limit the length of a breach and in turn contain it, which will lessen the number of days that your data is exposed.

 

Let’s look at the numbers so you can get a clear and quantifiable idea of why having BCM and information security collaborating as one is so important.

 

The 2016 Cost of Data Breach Study: Impact of Business Continuity Management (BCM) reveals that without BCM involvement, organizations take an average of 227 days to identify a breach.  Organizations with BCM involvement, on the other hand, take 175 days on average to identify a breach.  Keep in mind that the average per capita cost of a breach has increased from $154 to $158, and the total cost of a breach from $3.8 million to $4 million.

 

In addition to the time it takes to identify a breach, BCM also affects the time it takes to contain one.  Businesses with BCM involvement take an average of 52 days to contain a breach, compared to those without any BCM involvement, which require an average of 88 days.

 

Also worth noting is that BCM involvement plays a huge role in incident response planning and execution to resolve the consequences of a data breach.  In doing so, organizations reduce the average cost per lost or stolen record, which at its highest is an average of $167 per record and at its lowest an average of $149 (thanks to BCM involvement).

 

When businesses look at the total cost of a breach without BCM involvement, they find it to be $4.29 million, while with BCM involvement it is $3.71 million.  The same goes for per-day cost savings.  With BCM involvement, the average per-day savings is $6,591 through the containment phase of the data breach response.

 

The news that 52% of companies surveyed in the global Ponemon Institute study have a BCM function or team that is involved in risk management, disaster recovery and crisis management is great, but it leaves 48% of businesses exposed and in danger of high financial repercussions, as well as reputation damage.  The sooner business executives and CIOs can see the benefits of having information security include BCM, the better their chances of avoiding permanent repercussions to their business.

 
If you haven’t started on business continuity management (BCM), let’s have a chat.  We are here to help and would love to get your information security on track before a breach strikes.  Schedule your free infosec consultation so we can pinpoint your specific needs!

 
