Ponemon Institute conducted their “Cost of a Data Breach Report” in conjunction with IBM Security, in which they surveyed more than 500 organizations. The report cited that the average cost of a data breach is $3.92 million. With the cost of data breaches rising significantly, it is important to understand how to mitigate the costs. The report indicated that the most effective way to limit the cost of data breaches is to develop and test an incident response plan.
How Incident Response Teams Reduce Cost of Data Breaches
Of the organizations surveyed, the most cost saving factor was having an incident response team, reducing costs by $360,000. Organizations that had repeatedly tested their incident response plans further reduced costs by $320,000. Organizations that had both an incident response team, and had tested their plan, spent $3.51 million on average responding to a breach.
As such, the following are steps that can be taken to reduce the cost of data breaches:
- Develop and test your incident response team and plan
The ability to respond quickly to a data breach drastically reduces the cost and scope of the breach. Organizations should develop an incident response plan that is specific to their organization. However, it is not enough to have a plan, it must be tested. Testing the incident response plan will allow you to determine what works and what doesn’t. It will also make it clear what role each person should play, and what works for different scenarios.
- Implement technology that can quickly detect and contain a breach
Using Artificial Intelligence (AI) to automate incident response facilitates the quick detection of breaches. Ponemon determined that automated security can reduce the cost of breaches by up to 50%. The report indicated that organizations with full automation spent $2.65 million on average whereas organizations without automation spent an average of $5.16 million.
- Understand risks to optimize security
Understanding where your sensitive data is allows you to determine what protections should be in place to secure it. The “Cost of Data Breach Report,” cited that 51% of breaches occur from criminal or malicious attacks.
- Backup data
The most costly aspect of a data breach is the result of downtime. Backing up data can reduce the cost of breaches significantly, especially with ransomware attacks. Ransomware attacks occur when a hacker enters an organization’s network and steals or encrypts data, demanding a sum of money for the return of data. Healthcare organizations without data backup often pay ransom as not having access to patient data can be a matter of life or death.
- Utilize experts
When your incident response team cannot handle the breach, call an expert. Hiring a cybersecurity expert can help you to contain the attack and restore data more quickly, reducing downtime.
Developing an incident response plan and testing it, is the most effective way to reduce the cost of breaches. Ponemon Institute’s “Cost of a Data Breach Report” determined that organizations that had a tested incident response plan saved an average of $1.23 million, or 35%. Healthcare organizations are targeted at a higher rate than any other industry, as such it is imperative that they implement a well-tested incident response plan.