It’s not really a shocker, but a survey published today by SANS found organizations that plan and prepare for data breaches can greatly reduce the costs of data breaches over time.
According to the report, enterprises with a data breach plan have in-house teams ready to respond when a breach occurs. They have invested the time needed to know where their sensitive and valuable data resides and how it travels (something too few organizations do), and by doing so have reduced costs. Also not surprising: companies that were breached discovered a newfound interest in investing in new security technologies and services.
The report identifies a number of factors that reduce post-breach costs, and others that increase them:
What reduces breach costs:
- A solid response and cleanup plan, with proper management and staff involvement in handling post-breach activities. Only 36% of organizations suffered media involvement, which many consider a significant contributor to post-breach costs.
- Data classification programs and policies, in place at 81% of the organizations surveyed, can protect against compliance violations and the media attention that follows them.
- A proactive approach to security helped some organizations avoid the legal quagmire that companies such as Sony and Anthem have found themselves in.
Factors that increased breach costs:
- Disruption of daily work
- Time to repair and fully remediate
- Media attention
- Compliance violations
- Size of the breach
The actual cost of these breach incidents varied greatly. The largest group of respondents, at 31%, lost an estimated $1,000 to $100,000 per breach. Not bad, depending on the size of the organization. The next largest group, at 27%, lost $500,000 to $50 million, while 23% lost $100,000 to $500,000. Another 8% got walloped with a loss of $100 million or more.
Last fall SANS conducted another survey on breach response and found that a sizable 44% of respondents had sensitive data breached, and nearly one-third had experienced up to six data breaches in the previous 24 months. Not good.
That survey also found that too many organizations struggle to respond to attacks while they are underway. According to the survey, 59% of respondents claimed to be able to contain attacks within 24 hours. Not bad. The full breakdown is less reassuring: 37% contain attacks within 8 hours, 21% within 24 hours, 19% take up to a week, and 17% take more than a week.
So what is the key to lowering the cost of a data breach? The smart-aleck answer is: don't get breached. But that is not realistic given the state of today's enterprise technology stack. The better answer is to have a plan and a team in place, and to exercise that plan regularly.