Organisations spend $3.86 million (about £2.9 million) recovering from security incidents, according to Ponemon Institute’s Cost of a Data Breach Report 2020.
That represents a slight decrease on 2019, which Ponemon’s researchers credit to organisations doing a better job strengthening their cyber defences and incident response capabilities.
The report also notes that 52% of data breaches are caused by cyber attacks, and that malware is the costliest form of attack, with organisations spending $4.52 million (about £3.4 million) on average responding to such incidents.
What activities cost organisations money following a data breach?
The report outlines four activities that cost organisations money as they respond to data breaches:
- Detection and escalation
These are activities that enable organisations to identify when a breach has occurred.
It covers processes such as forensic and investigative activities, assessment and audit services, crisis management and communications to executives and boards.
- Lost business
These are activities that attempt to minimise the loss of customers, business disruption and revenue losses.
It can include disruption caused by system downtime, the costs associated with customer churn and reputational loss.
- Notification
These are activities related to the way organisations notify data subjects, regulators and third parties of the data breach.
For example, organisations will typically email or telephone those affected, assess whether the incident needs to be reported to their regulator (and contact them where relevant) and consult with outside experts.
- Ex-post response
These are the costs associated with recompensing affected data subjects, and the legal ramifications of the incident.
It includes credit monitoring services for victims, legal expenses, product discounts and regulatory fines.
Mitigating the cost of an attack
The report also highlighted the relationship between the cost of a data breach and the time it takes organisations to contain it. The researchers found that organisations take 280 days on average to detect and respond to an incident. However, those that can complete this process within 200 days save about $1 million (about £750,000).
The best way to do that, according to Ponemon Institute, is to implement automated tools to help detect breaches and suspicious behaviour.
Organisations that used artificial intelligence and analytics had the most success mitigating the costs of data breaches, spending $2.45 million (about £1.84 million) on their recovery process.
By contrast, organisations that didn’t implement such measures spent more than twice that, with an average cost of $6.03 million (about £4.5 million).
This is a lesson that organisations are gradually taking on board. The report found that the proportion of organisations that have implemented measures such as artificial intelligence platforms and automated tools has increased from 15% to 21% in the past two years.
Unfortunately, many organisations don’t know where to begin when implementing and testing defences. That’s where our Cyber Security as a Service can help.
With this annual subscription service, our experts are on hand to advise you on the best way to protect your organisation.
They’ll guide you through vulnerability scans, staff training and the creation of policies and procedures, which form the backbone of an effective security strategy.
