
Data security: Lessons from the front lines of breach research

Security | Posted on July 29, 2016

Data security is a continuous battle against malicious forces—one in which the key to a successful strategy is information.

Dr. Larry Ponemon, the Chairman and Founder of the Ponemon Institute, has been on the front lines of data security research for more than a decade. His organization’s 2016 Cost of Data Breach Study: Global Analysis has telling intelligence for us to take to the trenches in our own fight against malware and privacy threats.

According to his Security Intelligence blog, seven “megatrends” have been revealed by the latest research report:

  1. Data security breaches are now a consistent cost of doing business in the cybercrime era. The evidence showed that this is a permanent risk that organizations need to be prepared to deal with. It needs to be incorporated into data protection strategies.
  2. The biggest financial consequence to organizations is lost business. Following a breach, enterprises need to take steps to retain customers’ trust to reduce the long-term financial impact.
  3. Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain. As a result, they have the highest cost per record.
  4. The longer it takes to detect and contain a breach, the more costly it becomes to resolve. Over the years, detection and escalation costs in our research have increased. This suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain a threat.
  5. Highly regulated industries such as healthcare and financial services have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers.
  6. Improvements in data governance initiatives will reduce the cost of data breach. Incident response plans, the appointment of a CISO, employee training and awareness programs and a business continuity management strategy result in cost savings.
  7. Investments in certain data loss prevention controls, such as encryption and endpoint security solutions, are important for preventing data breaches. This year’s study revealed a reduction in cost when companies participated in threat sharing activities and deployed data loss prevention technologies.

Across a dozen countries, studying 383 companies, the research group found that the average total cost of a data breach is $4 million, up 29% since 2013. Each record lost or stolen costs organizations an average of $158 (up some 15% from 2013).

Ponemon Institute comes by these findings through very thorough analysis of the global market. To calculate the real costs of data breaches, they use a methodology called Activity-Based Costing (ABC). This assigns costs according to the cost of all activities around resolving the breach, many of which are often not considered but are nonetheless expensive, such as: investigation and forensics, determining the victims, organizing an incident response team, communications and PR outreach, notice documents and disclosures, implementing call centre procedures and specialized training.

As well, the institute looks at post-breach expenses like auditing and consulting services, legal services around defense and around compliance, free or discounted services given to victims as a “make good,” identity protection services, lost customers and increased costs in customer acquisition.

Why the average cost of data breaches is so high

It’s easy to see from Ponemon’s detailed methodology why the average cost of breaches reported is so high—because, all things considered, data breaches are ridiculously costly.

When one actually factors in the direct and indirect costs, as well as lost business opportunities, the costs of data breaches can be staggering if not crippling for a business.

Without such in-depth research, the ROI of security is often hard to express. Thanks to it, it’s easy for us to understand the value of solutions like IBM’s cloud security services, which allow organizations to embrace the flexibility and elasticity of the cloud while guarding against the millions-of-dollars hit from potential data breaches, or of identity and access management services in safeguarding our organizations’ systems, data, and applications from unauthorized access.

Winning the war against data security threats requires constant attention as organizations embrace the value of disruptive technologies such as social, mobile, analytics and cloud.

To learn more about Softchoice’s security offerings to help you stay vigilant, visit our Ultimate Security Guide, where you’ll find more on solutions and services to secure your organization from the data breach, find more insights into data protection and take a free assessment of your own systems.
