The costs of a data breach to a business just keep getting worse.
The 2014 Cost of Data Breach Study: United States by Ponemon showed that the average total cost of a data breach for the participating companies increased from $5.4 million to $5.9 million last year. The cost of each lost or stolen record containing sensitive information increased from $188 in 2013 to $201 in 2014, with an average of almost 30,000 breached records per incident.
If there’s any good news in the research, it’s that there are operational factors that can increase or decrease the cost of a data breach. Organizations can use this information to improve their security safeguards and better control the cost of a data breach if and when it happens.
Here is what the study showed.
- In 2014, a strong security posture reduced the data breach cost per record by $21. A good information security program with comprehensive policies and procedures for everyone to follow creates a culture of security. Security awareness must be ongoing (through communication with employees, training, etc.) and follow compliance requirements. Regular security risk assessments are recommended.
- An incident response plan reduced the cost per record by $17. An organized approach to managing a security breach begins with a step-by-step plan of what to do. The SANS Institute advises that the plan details containment, restoration of data and software, and an evaluation of the process after the fact.
- A CISO appointment reduced the cost per record by $10. A chief information security officer provides much-needed leadership in this area. Also, the CISO is an important liaison with the board, which is essential for any major organization that takes security seriously, according to a Trend Micro post.
- If a lost or stolen device is involved in a data breach, the cost per record increased by $18. Secure the mobile workforce network with a combination of security, management, and controls, advises a Symantec blog post. Tools available include remote-wipe capability and other configuration-management tools, PIN or password protection, encryption options, and endpoint security tools. The organization should regulate application usage too.
- Third-party involvement increased the cost per record by $25. Errors, glitches, and misuse by third parties are increasingly the cause of data breaches according to research. Ensure that vendors, suppliers, and business partners implement proper information security measures.
- Business continuity management (BCM) can reduce the cost of a data breach by an average of $13 per compromised record. BCM is a framework for recovering and carrying on following a data breach. Computer Weekly provides a comprehensive guide for handling a data breach.
Many of these operational factors target cybercrime, but it’s important to remember that information is still being removed or stolen from the workplace (or workplace dumpsters) in both paper and digital form. Physical safeguards around document management and disposal are key. For example, partner with a shredding company that provides a chain of custody, including locked consoles in the workplace, secure on-site or off-site shredding, and a certificate of destruction after every shred.
Find out why a Shred-All Policy is a gold standard in information security.