What should business executives know about the recent Cost of a Data Breach study sponsored by IBM and conducted by the Ponemon Institute? The first takeaway is that data breach costs are rising: costs have increased 29% since 2013, and data breach costs have grown to $4 million for companies. A closer look at the study reveals more.
- Cybersecurity incidents continue to grow in volume and sophistication.
- 64% more security incidents were reported in 2015 than in 2014.
- Because of the complexity of these threats, costs to companies are rising.
- Businesses lose $158 per compromised record.
- Breaches in highly regulated industries cost even more, with the healthcare industry reaching $355 per record (a full $100 more than in 2013).
The study goes on to show that a big factor in reducing the cost of a breach is having an incident response team. This is a takeaway that CEOs and CIOs can use to start reducing data breach costs.
- An incident response team saves companies nearly $400,000 on average, or $16 per record.
- Activities such as incident forensics, communications, legal expenditures and regulatory mandates account for 59% of the cost of a data breach.
- 70% of U.S. security executives reported that they don’t have an incident response plan in place, which could be linked to the high cost of data breaches.
Responding to a breach entails several activities: working with IT or outside security experts to quickly identify the source of the breach and stop further data loss; disclosing the breach to the appropriate regulatory officials and meeting specific deadlines to avoid fines; communicating the breach to customers, partners and stakeholders; and setting up necessary support, as well as credit monitoring services, for affected customers.
Since each of these steps takes time and commitment from staff members, having an incident response team and plan in place will streamline the process and save time. Incident response teams address all aspects of breach response and security operations:
- Helping to resolve the breach incident thanks to their expertise.
- Satisfying all industry concerns and regulatory mandates thanks to their knowledge of those requirements.
- Leveraging incident response technologies that can further improve efficiency and response time.
The longer it takes a business to detect and contain a breach, the more the breach will cost to resolve. The study found that breaches identified in less than 100 days cost businesses an average of $3.23 million, while those found after 100 days cost over $1 million more: $4.38 million on average. The study also pointed out that it takes about 201 days to identify a breach and 70 days on average to contain one. Additionally, businesses that had predefined Business Continuity Management (BCM) processes in place contained breaches more quickly.
- Businesses with a BCM discover breaches 52 days earlier and contain them 36 days faster than businesses without a BCM.
With all of this in mind, it’s pretty clear what business CEOs should do next to avoid high data breach costs. If you’re ready to save on breach costs, we’re here to help.