What is the cost of a data breach?

Data breach costs can be ongoing for years, a new study finds. Here's the breakdown of costs and advice on how to minimize them.

Page 2 of 2

Another important part is public response. Losing customer trust ultimately leads to a loss of business, which can increase the overall cost of the breach. “A huge component of it is the communications in the aftermath of a breach and during a breach,” explains Whitmore. “How do we effectively get messaging out to our consumers or clients about what's going on? Then these events can be an opportunity to build a lot of customers' goodwill, and a lot of confidence when handled correctly, but that requires a lot of preparation and training in advance for these organizations.”

Expansive use of encryption, automating security wherever possible, tested business continuity plans, and utilizing red teaming can all reduce the potential cost of a breach. “With security automation the difference between organizations that have fully deployed versus no deployment is over $3.5 million difference for the average breach,” says Debeck. “That's huge.”

On the technical side, DevSecOps approaches, employee training, cyber insurance, and getting the board involved in security are also found to reduce the cost of a breach by more than $100,000 each on average. Conversely, breaches originating from third parties, cloud migration, internet of things, or operational technologies can all drive the cost of a breach up by more than $100,000 each on average. “Cloud migration is a great security decision,” says Debeck, “but if you don't have the knowledge, expertise, and skills for doing cloud migrations there's potential risks there.”

Whitmore’s main advice for keeping the cost of a breach down is proper visibility into your environment and ensuring robust and tested offline backups. “If we can reduce the time it takes to identify a breach and contain it pretty significantly, then those organizations will not have such a high amount of records lost and ultimately, they're not going to face the same level of fines that we're seeing right now.”

“In cases of ransomware or destructive malware, we see that organizations lose access to their most critical data, and then they spend a lot of time trying to rebuild environments getting access to it again,” Whitmore continues. “I would recommend having offline backup of your most critical data.”

Copyright © 2020 IDG Communications, Inc.
