Recently, I caught up with a friend who works in IT security and the topic of data breaches came up in conversation. He said it used to be hard to convince stakeholders in an organisation about the costs of data breaches; brand damage is difficult to quantify in dollars. But thanks to major data leakage incidents from the likes of Sony and Telstra in recent years, protection of digital information is now being taken seriously. A new report by the Ponemon Institute looks closer at the hard costs associated with data breaches and examines what methods organisations can adopt to reduce that cost. Read on to find out more.
In this year's report by Ponemon, commissioned by IBM, the security research institute did a deep dive into data breaches that happened to 26 Australian enterprises across 11 industries. It calculated the average cost of breaches by collecting information on direct and indirect expenses incurred by each company after an incident.
Ponemon found that the average organisational cost of a data breach dropped to $2.64 million, down 6.6 per cent from last year. The per capita cost of breaches also went down. This was associated with the fact that organisations were better at retaining customers following an incident, although this differs from industry to industry. Financial institutions are obviously more susceptible to customer exodus after a data leak. Malicious or criminal attacks on companies were the most prevalent and expensive to recover from.
It would seem organisations are investing more in preventing data from leaking and getting into the wrong hands. The report showed that the extensive use of encryption, implementation of incident response plans, employee training, CISO appointments, business continuity management and sharing threat information with peers have all contributed to making data breaches a bit less costly.
However, third party involvement, lost or stolen devices and extensive migration to the cloud are elements that can increase the cost of breaches.
While enterprises are improving in terms of lowering the financial impact of data breaches, they shouldn't pat themselves on the back too hard. The Ponemon report showed companies are still spending a lot of money on indirect costs, which include costs related to the amount of time, effort and resources spent putting out the fires afterwards.
So what preventative measures have proven effective in mitigating the risk and consequences of a data breach? From the Ponemon report, expanding the use of encryption has proved to be popular among organisations; 50 per cent of the companies surveyed have already ramped up encryption in their businesses. As mentioned before, encryption has contributed to lowering the cost of breaches this year, so if your company hasn't done much in the way of encrypting corporate files, it may be time to consider it.
You can find the 2016 Ponemon Cost of Data Breach Study on IBM's website.