Having an Incident Response (IR) team in place reduces the cost of a data breach, according to a study sponsored by the multi-national firm IBM Security. The speed at which a breach can be identified and contained is in large part due to the use of an IR team and having a formal incident response plan, the report suggests. IR teams can help organisations navigate the containment of a data breach to mitigate further losses.
And according to the study, how quickly an organization can contain data breach incidents has a direct impact on the financial consequences. The cost of a data breach was nearly $1 million lower on average for organizations that were able to contain a data breach in less than 30 days compared to those that took longer than 30 days. The report points out that speed of response will be increasingly critical as the General Data Protection Regulation (GDPR) comes in across the European Union (including the UK) in May 2018. That new data protection law will require organisations doing business in Europe to report data breaches within 72 hours or risk facing fines of up to four percent of their global annual turnover. As the report notes, in the United States 48 of 50 states have their own data breach laws. Responding to US regulatory requirements and reporting to potentially millions of consumers can be costly and resource intensive, IBM says.
Wendi Whitmore, Global Lead, IBM X-Force Incident Response & Intelligence Services (IRIS) said: “New regulatory requirements like GDPR in Europe pose a challenge and an opportunity for businesses seeking to better manage their response to data breaches. Quickly identifying what has happened, what the attacker has access to, and how to contain and remove their access is more important than ever. With that in mind, having a comprehensive incident response plan in place is critical, so when an organization experiences an incident, they can respond quickly and effectively.”
There’s room for organisational improvement when it comes to the time to identify and respond to a breach. On average, organisations took more than six months to identify a breach, and more than 66 extra days to contain a breach once discovered. For a seventh year in the studies, healthcare topped the list as the sector that finds data breaches most costly. Involvement of third parties in a data breach was the top contributing factor that led to an increase in the cost of a breach. And places with a disaster recovery process, whether manual or automatic, lost less from a breach.
The study by the US-based researchers Ponemon Institute covered 11 countries in two regions. Dr Larry Ponemon said that data breaches and the implications continue to be an unfortunate reality. “Year-over-year we see the tremendous cost burden that organizations face following a data breach. Details from the report illustrate factors that impact the cost of a data breach, and as part of an organization’s overall security strategy, they should consider these factors as they determine overall security strategy and ongoing investments in technology and services.”
Darren Anstee, Chief Technology Officer at Arbor Networks, said: “The survey results make it clear that the time taken to contain a breach has a direct bearing on the cost. Threat triage, investigation and containment are processes carried out by people that need technology to support their efforts. The technology needs to allow our people to get true visibility into what is going on, rather than simply providing huge amounts of data that has to be manually trawled through.
“The survey shows that a unified set of consistent regulatory requirements can lower overall costs. However, we have to be careful that we don’t focus too much on compliance at the expense of adopting new technologies and processes that can help us reduce overall risk.”