Incident Response Teams Continue to Prove Their Worth
July 5, 2017 by Bill Rosenthal

Person responding to an incident

The 2017 Cost of Data Breach Study: Global Analysis has been released, and you can download it here (registration required). Sponsored by IBM and performed by the Ponemon Institute, this year’s study suggests that cybersecurity may be improving:

The average cost of data breach decreased 10 percent and the per capita cost decreased 2.9 percent. However, the average size of a data breach (number of records lost or stolen) increased 1.8 percent.

That the average size of a data breach has increased suggests that attacks are getting bigger, more frequent, more sophisticated, or perhaps all three. But the costs of data breaches are declining, suggesting that businesses (which make up the primary targets) are getting better at security. We’ll have to wait at least a year to see if this is a trend or simply an anomaly, but the costs of data breaches have been rising steadily since the report first started publishing, so a reduction in those costs is real news.

What affects the cost of a data breach? The report identifies half a dozen contributors:

  • unexpected and unplanned loss of customers (churn rate)
  • number of records lost (the more records lost, the higher the cost)
  • post-breach costs, including the costs of victim notification
  • whether the incident is results from an attack or negligence (attacks cost more)
  • time to identify and contain the breach
  • detection and escalation of the incident

Those final two contributors are the low-hanging fruit of cyber security. If you can reduce the time needed to identify and contain breaches, you can reduce their costs. If you can improve your effectiveness at detecting and escalating incidents of breaches, you can reduce their costs. In fact, the report says that using incident response teams will reduce the costs of data breaches: 

In this year’s research, an incident response (IR) team reduced the cost by as much as $19 per compromised record. Hence, companies with a strong IR capability would anticipate an adjusted cost of $122 ($141-$19 per record).

The report also found that using encryption extensively reduces the cost, although not by as much as having an IR team. The report also found that the faster a data breach is identified and contained, the lower its costs, which is consistent with the finding about incident response teams.

If you’re responsible for cyber security in a business organization, or if you’re part of an organization’s leadership, I recommend downloading and reading the entire report. It will give you a solid global view of a persistent global problem.

If your organization has an incident response team, congratulate yourself on having taken the single most reliable step to reduce the costs of cyber security. If you don’t have one, organize it. Consider the Logical Operations CyberSec First Responder (CFR) program. The CyberSec First Responder: Threat Detection and Response course will teach your first responder team to analyze threats, design secure computing and network environments, proactively defend networks, and respond/investigate cybersecurity incidents. Having a first response team will probably not reduce your risk of being attacked. But the 2017 Cost of Data Breach Study: Global Analysis shows it will dramatically reduce costs of a breach.