IBM & Ponemon Institute study results show “Time is Money” when responding to a data breach incident response teams can lead to significant cost savings
IBM Security has unveiled the results of a global study analyzing the financial impact of data breaches to a company’s bottom line. Sponsored by IBM and conducted by the Ponemon Institute, the study found that the total average cost paid by a company increased from 88.5 million INR to 97.3 million INR in 2016 in India.
According to the release, Cybersecurity incidents continue to grow in both volume and sophistication, with 64% more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise. In fact, the study has found that companies lose up to INR 3,704 per compromised record. Breaches in highly regulated industries were even more costly: breaches in financial institutions had a per capita cost of INR 5,544 which is well above the mean of INR 3,700.
While data breaches due to third party errors or extensive migration to the cloud increase the per capita cost, according to the study, leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach – from INR 3,704 to INR 2,498 on average. In contrast, third party involvement in the cause of the data breach increased the average cost to as much as INR 4,622.
The study also found the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. While breaches that were identified in less than 100 days cost companies an average of INR 89.4 million, breaches that were found after the 100 day mark the average cost rose significantly to INR 105.6 million.
The most difficult incident to detect and contain is the malicious or criminal act (97 and 203 days), while data breaches caused by human error take the least time to identify and contain (69 and 139 days).
The annual Cost of a Data Breach study examines both direct and indirect costs to companies in dealing with a single data breach incident. Through in depth interviews with nearly 37 companies across the country, the study factors in costs associated with breach response activities, as well as reputational damage and the cost of lost business.
Dr. Larry Ponemon remarked, “Over the many years studying the data breach experience of more than 2,000 organizations in every industry, we see that data breaches are now a consistent ‘cost of doing business’ in the cybercrime era. The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”
Ted Julian, Vice President, Resilient an IBM Company commented, “The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don’t have a plan in place to deal with this process efficiently. While the risk is inevitable, having a coordinated and automated incident response plan, as well as access to the right resources and skills, can make or break how much a company is impacted by a security event.”
