When Symantec Corp. and the Ponemon Institute released their annual report on data breaches this week, the blogosphere was quick to jump on the study’s estimated costs of security snafus – up a little in some areas, down a little in others. For the channel, however, the news in the report is all good.
The hidden gem for partners lies in what Ponemon researchers found when they dug into the top factors that help mitigate the cost of a data breach. It turns out that three key ways organizations can reduce the economic impact of a catastrophic data loss are: maintaining a stronger-than-average security posture; keeping a detailed incident response plan; and engaging with security consultants for data-breach response and remediation.
How’s that for a ready-made piece of marketing collateral for any security service provider?
Put into real dollars, the impact of the security measures is sobering. In the U.S., the average cost to an organization per record lost in a data breach is $188 (only Germany is higher at $190). The cost for American companies spikes to $277 per record when criminal or malicious activity is responsible for the breach, as it is in 37 percent of cases.
While the U.S. is near the top of the list in costs, it’s also the far-and-away leader in the amount of money saved by prudent security management practices, the researchers found. U.S. companies saved about $42 per record by having an incident response plan. A strong security posture saved another $34 while employing a security consultant trimmed the cost by $13. Combining the three has the potential to trim more than 47 percent off the cost of a non-criminal data breach and 32 percent off the cost of a malicious intrusion.
The money adds up when you consider that the average data breach incident in the U.S. now costs its victim a total of $5.4 million. Heavily regulated fields like health care, finance and pharmaceuticals suffered breach costs 70 percent higher than other industries, Ponemon researchers found.
“Given organizations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear,” said Anil Chakravarthy, executive vice president of the Information Security Group at Symantec. “Companies must protect their customers’ sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data center.”
The eighth annual report studied actual data breaches of fewer than 100,000 records at 277 companies in nine countries. While criminal activity gets the most public attention and exacts the highest financial toll on victimized organizations, the study points out that human error and system problems still account for the majority (64 percent) of data breaches.
Topping the list of risk factors are the 62 percent of employees who say they think it is acceptable to transfer corporate data outside the company, leaving it vulnerable to data leaks.
All of which spells copious opportunity for solution providers to approach potential clients with the dire and costly data-breach statistics in one hand and the proven value of bolstering defenses with a trusted advisor in the other.