A month after the introduction of the Notifiable Data Breach Scheme, IBM have released a study they sponsored that investigates the cost of data breaches across a range of different companies. Some important findings were made that give some insight into how much data breaches cost companies, as well as how these costs can be reduced. This article will outline some of these key findings.
Source of Data Breach
IBM have found that the majority of data breaches come from malicious or criminal attacks (48%). Coming in second, 28% of data breaches involved a negligent employee or contractor, and the final 24% comes from system glitches.
This shows that it is not only vital to have proper security to defend against criminal and malicious attacks, but to also train employees in the proper use of data and your IT systems so that you can help eliminate that risk.
Time to Identify and Contain Breaches
The recent study from IBM shows that the time taken to identify and contain a data breach significantly impacts the overall cost of the data breach. On average, it took companies 175 days to detect that a breach was occurring and then a further 67 days to contain this breach. The study found that if the time to identify the breach was under 100 days, the average cost of the breach was AUD$1.96 million. This average cost rose significantly if the breach was identified after the 100-day mark to $3.05 million!
A similar pattern emerged when looking at the average time to contain breaches. If breaches were able to be contained within 30 days of identification, the average cost was $2.24 million. However, if the breach took more than 30 days to contain, the average cost of the breach jumped significantly to $2.78 million.
These two patterns show that having both expert IT staff and effective plans and procedures in the event of a data breach can save your business large amounts of money.
Lost business costs are decreasing
Businesses are now experiencing less loss of business due to data breaches than in previous years. This figure includes the turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill. This average figure has decreased from $0.84 million in 2016 to $0.79 million in 2017. This is still a large amount of business to lose due to a data breach, and so every measure that can be taken to prevent them should be taken.
All the findings in this report show that being prepared for a data breach as well as having effective procedures in place for when a breach occurs can save your business significant amounts of money. This begins by looking at the security of your data and training employees on the proper use of data and IT systems. A managed service provider can look after these for you, so you are able to continue to focus on the core aspects of your business.
The full report can be found on the IBM website here if you are interested in reading more about the findings.
To find out how well prepared your business is for a data breach, download our Data Breach Response Plan Checklist.