The thought of a data breach is enough to send a chill down any business owner’s spine. And rightly so. Last month The Ponemon Institute released its annual Cost of a Data Breach Report, showing that the cost for companies that experience a breach continues to rise. According to the report, data breaches cost U.S. companies an average of $8.19 million per breach — far above the global average of $3.92 million.
And the news is even worse for small businesses. The report found that smaller organizations suffer higher costs relative to larger ones. While a data breach will cost a large organization $204 per employee, smaller organizations see that cost jump up to $3,533 per employee.
The report also shows that a single breach can have a long-term impact on a business. New in this year’s report is an analysis of so-called “longtail costs” that shows how organizations feel the impact of the breach years after it occurred. It turns out that only 67% of the cost of a breach comes in the first year, with 22% in the second year, and 11% in the third.
Reducing the Cost of a Breach
So that’s the bad news. Luckily, the report also lays out a number of steps that have proven to significantly reduce the cost of a breach.
Incident Response Plan and Simulation
By far, the most effective way to reduce breach costs is to respond quickly. The report found that on average it took companies 206 days to identify a breach and another 73 days to contain it. However, those that were able to find and stop a breach in under 200 days saved a whopping $1.2 million.
The best way to ensure you’re able to respond fast is to have a detailed incident response team in place and conduct periodic tests of your response plan. According to the report, the combination of an IR plan and regular incident simulations leads to greater cost savings than any single security process — saving an organization an average of $1.23 million.
The report also shows that properly encrypting your most sensitive data will help reduce the cost of a breach. Encrypting data essentially scrambles your information so that it can’t be read without a key to decrypt it. According to the report, companies that encrypt their data on premises, at the endpoint, in transit, and in the cloud reduced the cost of a breach by an average of $360,000.
More and more organizations are using security automation such as machine learning, analytics, and incident response orchestration to quickly identify and contain system vulnerabilities. According to the report, the cost of a data breach is 95% higher for organizations without security automation in place. There are a number of automated security processes available, but even just conducting regular vulnerability scans will go a long way toward reducing the cost of a breach.
The report also found that having effective governance and leadership in place, such as a chief privacy officer or chief information security officer who focuses on preserving customer trust, is a key driver in reducing breach costs and maintaining a company’s key asset: its reputation.
Keep Things Simple
Another interesting aspect of the report is that it shows that, when it comes to security technology, more is not always better. Excessive use of third parties, extensive cloud migration, and system complexity all increase the cost of a data breach. It’s therefore important to minimize the complexity of your security technologies where possible.
All in all, business owners can’t just cross their fingers and hope nothing bad happens. This past year, the chances of a company experiencing a breach within two years increased to nearly 30% — a statistic that has jumped up by a third in just five years. As the report shows, preparing now can greatly reduce the financial impact if the worst does happen. The thought of experiencing a data breach is enough to make anyone feel powerless, but, from impact reduction to a fully prepared incident response team, there are concrete steps anyone can take to take back control of the situation.
Also published on Medium.