Each year, I read dozens of security reports and almost all come to the same conclusion: the bad guys are getting better at what they do and despite our best efforts, we are barely keeping our heads above water. That’s why this year’s 2017 Ponemon Cost of Data Breach report stood out. The time to detect breaches and the costs for remediation and the impact of data loss are falling.
The report - there’s an overview you can access although you will need to register for access - found the average cost per lost or stolen record for Australian organisations fell by 2.1% to AUD$139.
25 Australian companies participated in the report with the average total cost of a breach reaching $2.51M. Drawing comparisons from year to year is tricky as the survey doesn't look at the same companies each year.
The time to detect breaches, while still close to six months at 175 days, has fallen by a couple of weeks. On average, it’s taking about 67 days to contain an incident - we’re a day slower than the global average.
When it comes to the root cause of breaches, almost half come from malicious or criminal attacks and over a quarter involve negligent employees or contractors. And 24% come from system glitches.
For what it’s worth, I don’t place a huge amount of stock on the high-level numbers. That 175 days to detect breaches spans businesses that detect breaches in hours as well as others that take years. And I have a problem with the definition of breach.
The report defines a breach as
A breach is defined as an event in which an individual’s name and medical record and/or a financial record or debit card is potentially put at risk—either in electronic or paper format.
The word “potentially” suggests quite a bit of “fiddle factor” to me. A bad guy could be in a system for days, undetected, but if you have good internal controls then a long undetected breach might not be reported.
What is useful though, is looking at the data longitudinally. The organisational cost of a breach has been slowly falling over the last couple of years as businesses have improved processes for looking after customers following an incident.