Data security: Lessons from the front lines of breach research

Security | Posted on July 29, 2016

Data security is a continuous battle against malicious forces—one in which the key to a successful strategy is information.

Dr. Larry Ponemon, the Chairman and Founder of the Ponemon Institute, has been on the front lines of data security research for more than a decade. His organization’s 2016 Cost of Data Breach Study: Global Analysis has telling intelligence for us to take to the trenches in our own fight against malware and privacy threats.

According to his Security Intelligence blog, seven “megatrends” have been revealed by the latest research report:

  1. Data security breaches are now a consistent cost of doing business in the cybercrime era. The evidence showed that this is a permanent risk that organizations need to be prepared to deal with. It needs to be incorporated into data protection strategies.
  2. The biggest financial consequence to organizations is lost business. Following a breach, enterprises need to take steps to retain customers’ trust to reduce the long-term financial impact.
  3. Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain. As a result, they have the highest cost per record.
  4. The longer it takes to detect and contain a breach, the more costly it becomes to resolve. Over the years, detection and escalation costs in our research have increased. This suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain a threat.
  5. Highly regulated industries such as healthcare and financial services have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers.
  6. Improvements in data governance initiatives will reduce the cost of data breach. Incident response plans, the appointment of a CISO, employee training and awareness programs and a business continuity management strategy result in cost savings.
  7. Investments in certain data loss prevention controls are important for preventing data breaches, such as encryption and endpoint security solutions. This year’s study revealed a reduction in cost when companies participated in threat sharing activities and deployed data loss prevention technologies.

Across a dozen countries, studying 383 companies, the research group found that the average total cost of a data breach is $4 million, up 29% since 2013. Each record lost or stolen costs organizations an average of $158 (up some 15% from 2013).

Ponemon Institute comes by these findings through very thorough analysis of the global market. To calculate the real costs of data breaches, they use a methodology called Activity-Based Costing (ABC). This assigns costs according to the cost of all activities around resolving the breach—many of which are often not considered, but nonetheless expensive—such as: investigation and forensics, determining the victims, organizing an incident response team, communications and PR outreach, notice document and disclosures, implementing call centre procedures and specialized training.

As well, the institute looks at post-breach expenses like auditing and consulting services, legal services around defense and around compliance, free or discounted services given to victims as a “make good,” identity protection services, lost customers and increased costs in customer acquisition.

Why the average cost of data breaches is so high

It’s easy to see from Ponemon’s detailed methodology why the average cost of breaches reported is so high—because, all things considered, data breaches are ridiculously costly.

When one actually factors in the direct and indirect costs, as well as lost business opportunities, the costs of data breaches can be staggering if not crippling for a business.

Without such in-depth research, the ROI of security is often hard to express. Thanks to it, it’s easy for us to understand the value of solutions like IBM’s cloud security services, which allow organizations to embrace the flexibility and elasticity of the cloud while guarding against the millions-of-dollars hit from potential data breaches, or of identity and access management services in safeguarding our organizations’ systems, data, and applications from unauthorized access.

Winning the war against data security threats requires constant attention as organizations embrace the value of disruptive technologies such as social, mobile, analytics and cloud.

To learn more about Softchoice’s security offerings to help you stay vigilant, visit our Ultimate Security Guide, where you’ll find more on solutions and services to secure your organization from the data breach, find more insights into data protection and take a free assessment of your own systems.
