The 2017 Cost of Data Breach Study: Global Analysis, which is available here (registration required), examined the impact of 20 different factors on the cost of a data breach. I wanted to take this opportunity to discuss the top five of those factors.
- Presence of an incident response team (13% reduction in cost). I have noted before that the factor with the greatest impact on the average cost of a data breach is the presence of an incident response team. It stands to reason that this factor would have a substantial impact, because recognizing and acting on a data breach is the best way to reduce dwell time. In other words, the longer the bad actors remain in your network, the more damage they will do. The quicker you get them out, the less it will cost you to repair the damage. Every business needs an incident response team to analyze threats, design secure computing and network environments, proactively defend networks, and respond/investigate cybersecurity incidents. This is why Logical Operations is able to do such a good business with our CyberSec First Responder (CFR) program.
- Extensive use of encryption (11%). If you leave sensitive data unencrypted, and the criminals penetrate your network (and the odds are that they will), you risk having to spend a fortune on fines to regulators. Even if you don’t have to pay fines to regulators, you will probably have to spend a fortune on making whole the victims whose data is stolen. These victims may be customers, business partners, even employees. You may be on the hook for both fines and compensation. If the criminals get into your network and steal well-encrypted files, the chances are good they will never be able to decrypt them. From your standpoint, then, the damage of the breach is considerably reduced.
- Employee training (9%). Email spam and rogue websites are far and away the most common delivery vehicles for malware. There are few technical measures for avoiding these. You must rely on the judgment of your users to reduce intrusions and dwell time. The Logical Operations CyberSAFE class enables employees of any organization to identify many of the common risks associated with using conventional end-user technology, as well as how to safely protect themselves and their organizations from security risks.
- Involvement of BCM (8%). When business continuity management (BCM) is involved in the resolution of a data breach, crisis communication is better handled, risk management gets better leadership, and the organization is more likely to have active monitoring and vigilance. Good BCM also tends to foster an orientation to rigorous planning and organizational structure that reduces complexity in the response process. All of these reduce the costs of both loss and remediation.
- Participation in threat sharing (6%). Have you ever driven with one of those smartphone navigation apps that know traffic conditions and hazards? They can save you a lot of time and heartache. The same is true of threat sharing programs, which are community-driven efforts that automate distribution of information on existing and emerging threats — information that helps you prepare to face them. Better preparation equals lower cost.
Of the five top factors that reduce the cost of data breaches, only two — encryption and threat sharing — are technological in nature. The other three, a clear majority, rely on the skills of people.