How Preparing for a Data Breach Can Reduce Remediation Costs
How prepared is your organization in the event of a data breach? It might mean a lot to your company’s bottom line to put a plan in place now. A Ponemon Institute survey found that the cost per breached record can be reduced nearly 92 percent if an organization has a plan in place ($201 to just $17 per record), according to the Second Annual Study on Data Breach Preparedness, released this month.
And when breach victims number in the millions, that can make a big difference. According to Target’s interim President John Mulligan, the company’s breach late last year has cost a total of $148 million, as reported in early August by Forbes.com. And according to NYTimes.com, also in early August, the company expects its earnings to drop 78 cents a share to 85 cents to $1 a share to reflect “more cautious consumer spending.”
However, a principal Forrester Research analyst estimated that costs were bound to rise even higher than the reported $148 million, to an estimated long-term total of $1 billion, stating that “150 million in a quarter seems almost like a bargain.”
And data breaches are only increasing in frequency, as the report shows. While 33 percent of respondents reported a data breach last year, the percentage has increased 10 percent to 43 this year. Another 60 percent said their company has experienced more than one breach in the past two years, which increased 8 percent from 52 in 2013. In a report (PDF) from the Identity Theft Resource Center, 75 million records have been breached in 2014 alone.
Verizon’s 2014 PCI Compliance Report shows that global card fraud losses reached $12 billion in 2012, having risen steadily since 2000.
What’s keeping companies from properly securing their organizations? When it comes to technical security considerations, 56 percent of respondents said increasing the visibility into end-user access of sensitive and confidential information could help reduce barriers and improve their detection and response to data breaches.
Second to gaining transparency is the ability to reduce risks created by mobile devices and cloud services, according to 43 percent of the respondents.
Another interesting obstacle is third-party access to or management of data (40 percent), which has been the downfall of many organizations when it comes to access to their corporate networks and stolen customer data.
Target is the prime example of this, owing the theft of 40 million customer credit card numbers to the exploitation of their third-party HVAC company’s credentials, leading to the initial breach of Target’s network. Get more details about retail breaches in POS Remote Access Software: Vulnerable Without 2FA.
Jimmy John’s and 100+ different independent restaurants were breached after their third-party POS vendor had its credentials stolen and exploited. While often overlooked, the security practices of your third-party vendor obviously can have a large impact on the security of a bigger organization. Read more about this breach in Lack of PCI & PA-DSS Compliance in Recent POS Vendor Breach.