Data breaches are on the rise and so are the associated costs. As the cost of security incidents rise, so too does the rise in the number of breaches. It would be reasonable to expect to see more incident response teams as organizations are on high alert, but in reality, data breach fatigue continues to be a persistent problem across all industries.
According to the 2016 Cost of Data Breach Study, the average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158. The report indicates that most (59%) of the costs can be attributed to:
- Incident forensics
- Legal expenditures
- Regulatory mandates
Not only are organizations seeing rising costs associated with data breaches, but also a rising tide of data breaches. Similar to other reported figures, this report indicates a 64% rise in security incidents reported in 2015 versus 2014.
Data Breach Fatigue a Result of Breaches Becoming More Complicated
Data breach fatigue sets in when your company becomes overwhelmed with data breach prevention and response. Another contributing factor to Data breach fatigue is the anxiety that comes with worrying about whether or not your team is protected, wondering when a breach will occur, and is your company doing enough to stay safe and keep your data protected.
The report indicates the rising complexity associated with data breaches, from the method of attack to the increased regulatory pressures. Breaches in highly regulated industries face even higher costs, with healthcare breach costs reaching $355 per record, more than double the overall average cost per record. Right now, data breaches are so prevalent, the report puts the likelihood of a material data breach involving 10,000 lost or stolen records at 26% for the next 24 months.
With the rising cost of data breaches, and the continuous rise in number of breaches (which has continued into 2016), you would think many organizations would be on high alert. Sadly, data breach fatigue continues to be a persistent problem across all industries. According to the report,
70% of US security executives say they lack an incident response plan | The 2016 Cost of Data Breach Study
Incident Response Teams Can Minimize Damage
According to the study, an incident response team was the single biggest factor associated with reducing the cost of a data breach, a savings of up to $16 per record. Having a plan in place for how internal teams react can help an organization under attack respond quickly to incidents to minimize damage, minimize negative PR blowback, and meet compliance requirements. Incident response teams should be able to identify a security incident and stop additional data leakage, and comply with disclosure and communication requirements.
Fast Breach Detection is Key
The study found that the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. A breach identified in less than 100 days averaged $3.23 million, while breaches found later cost over $1 million more, on average. The average time to identify a breach in the study was estimated at 201 days, and the average time to contain a breach was estimated at 70 days.
Having an incident response plan in place, along with technologies, ensures the following:
- Automatically monitors for data and devices at risk
- Help organizations ensure data breaches are detected and contained more quickly
- Lowering the costs associated with a data breach
Additional steps to reduce costs include an investment in data loss prevention controls, encryption programs, endpoint security solutions and participating in threat sharing.
How Absolute Can Help
At Absolute, our unrivaled endpoint data security solution secures your endpoints and the sensitive data they contain, with automated alerts and monitoring, regardless of user or location. Our Persistence technology provides you with comprehensive visibility into all of your devices enabling you to confidently manage mobility, investigate potential threats, and take action if a security incident occurs. No other technology can do this.