Data breaches can be costly for organizations, and due to an increase in compliance regulations and advances in attacks, the cost of a data breach continues to rise. A recent study conducted by the Ponemon Institute and sponsored by IBM looked at the financial impacts of data breaches and found that the global average cost of a data breach is $3.92 million. In Canada, that cost is even greater, with the average cost of a data breach reaching $4.4 million.
The financial impact of a data breach can devastate organizations, especially smaller businesses, and the costs don’t stop once a breach happens. According to the IBM study, organizations can continue to feel the financial repercussions of a breach more than two years after it occurs. Since the impacts of a data breach are complex, it’s important to take actions to reduce the risk of a breach, thereby reducing its financial impact if one takes place.
Source: IBM
How Businesses Can Minimize the Cost of Data Breaches
The IBM report looked at several factors that can push the cost of a data breach above or below the average total cost. Here are some of the factors outlined in the study.
1. Incident response team: An incident response team consists of key members of the organization who will work to detect, analyze and contain a data breach in the event one happens. This team is a vital part of an incident response plan, which is an organization’s defence plan for a data breach. Not only does having a plan reduce the cost of a data breach, but having it tested is important as well. Having an incident response team saved organizations $360,000 while having an extensively tested plan saved organizations $320,000.
2. Use encryption: Encryption is critical in protecting sensitive data, such as personally identifiable information and confidential business information. Encryption translates plaintext data into ciphertext so that only those with the encryption key can read it. While data encryption does not prevent data breaches, it can prevent bad actors from easily accessing your data. Extensive use of encryption saved organizations $360,000.
3. Invest in the right security solutions: Using advanced security solutions that can detect suspicious activity in an organization’s network allows organizations to quickly deal with potential data breach activity. Security automation technologies like a SIEM system integrate existing threat intelligence sources to help contextualize data and simplify investigation into security alerts. Training employees on cyber threats can also help mitigate breaches caused by human error. It also gives employees insight into the threat landscape and helps them know what to look for in attacks such as phishing emails. Employee training saved organizations $270,000 while the use of security analytics saved organizations $200,000.
4. Vet third-party partners: Supply chain attacks occur when hackers infiltrate an organization’s systems through a third-party supplier or partner who has access. Organizations need to verify the security systems of their partners before doing business with them. Consumers will not care if the cause of a breach is a third party and will hold your organization responsible for not doing due diligence when deciding to partner with that vendor. A data breach from a third-party partner increased the cost of a breach by $370,000.
5. Implement data backup: Having a business continuity plan is vital when dealing with a data breach. Having your data backed up and stored securely can help with business continuity. Having a business continuity plan can save organizations $280,000.