With Data Breach Costs, Time is Money

The sooner a company can detect and respond to an incident, the less likely they are to pay for it, a new IBM-Ponemon study finds.

One of the main takeaways from IBM's latest annual data breach report, released this week, is that a strong incident response capability can help organizations reduce breach costs by more than 25% on average.


IBM's study of over 500 data breach victims — conducted by the Ponemon Institute — shows that businesses with a formal incident response team and well-tested response plans spent $3.51 million on average on breach costs compared with $4.74 million by those who had neither.


The study shows that organizations on average took 206 days after initial intrusion to first identify a data breach and another 73 days to remediate it. But companies that were able to detect and contain a breach in fewer than 200 days spent $1.23 million less in breach costs.


"When it comes to data breaches, time is money, and the longer it takes to contain and remediate, the longer the organization keeps bleeding, so to speak," says Limor Kessem, global executive security advisor at IBM Security.


The IBM-Ponemon study — now in its 15th year — considered four core categories of expenses when computing breach costs: lost business, detection and escalation, notification, and post-breach, Kessem says.


"We found that lost business has remained the highest cost factor over the past five years," Kessem says. This includes things such as the costs of business disruption, revenue losses from system downtime, damage to a company's reputation, and the cost of lost customers, she says. The global average customer turnover rate caused by a data breach was 3.9%, an increase from last year's rate of 3.4%, she says.


Quick detection and response are critical to reporting the exact scope of a bre ..
