These are the real costs of a data breach
The Cost of Data Breach Report 2020, by the Ponemon Institute, was recently released. Its findings give the cybersecurity industry better insight into the financial burden of a data breach, and the report mainly gives CISOs, IT and management a good overview.
Data breach highlights
For this edition, 524 organizations worldwide that faced a data breach between August 2019 and April 2020 participated. Breach costs are grouped into four categories of activity:
- Detection and escalation - activities that enable a company to reasonably detect the breach.
  These are: forensic and investigative activities; assessment and audit services; crisis management; and communications to executives and boards.
- Lost business - activities that attempt to minimize the loss of customers, business disruption and revenue losses.
  These are: business disruption and revenue losses from system downtime; cost of lost customers and acquiring new customers; and reputation losses and diminished goodwill.
- Notification - activities that enable the company to notify data subjects, data protection regulators and other third parties.
  These are: emails, letters, outbound calls or general notice to data subjects; determination of regulatory requirements; communication with regulators; and engagement of outside experts.
- Ex-post response - activities to help victims of a breach communicate with the company and redress activities to victims and regulators.
  These are: help desk and inbound communications; credit monitoring and identity protection services; issuing new accounts or credit cards; legal expenditures; product discounts; and regulatory fines.
- 19% of companies that suffered a malicious data breach were infiltrated through stolen or compromised credentials, increasing the average cost of a breach for these companies by €852,000 to €4 million.
- 280 days average time to detect and contain a data breach.
- 315 days average time to detect and contain a data breach caused by a malicious attack.
- €954,000 average cost savings of containing a breach in less than 200 days vs. more than 200 days.
- Average cost of a data breach worldwide: €3.3 million.
- CISOs were most likely to be held ultimately responsible for the data breach (46%), followed by other security leader roles such as VP, Director etc. (43%) and other IT leader roles (36%).
- Potential impacts of COVID-19:
  - 54%: share of organizations that required remote work in response to COVID-19.
  - 76%: share of participants who said remote work would increase the time to identify and contain a data breach.
  - 70%: share of participants who said remote work would increase the cost of a data breach.
Tips that could help minimize financial and brand impacts of a data breach
- Invest in security orchestration, automation and response (SOAR) to help improve detection and response time.
- Adopt a zero trust security model to help prevent unauthorized access to sensitive data.
- Stress test your incident response plan to increase cyber resilience.
- Use tools that help protect and monitor endpoints and remote employees.
- Invest in governance, risk management and compliance programs.
- Minimize the complexity of IT and security environments.