Enterprises often focus on the cost of lost data when they anticipate the damage of a cyber security breach. Much of the impact of a breach is the often-unanticipated cost of lost time and productivity as your security team rushes to detect and address the breach. Business continuity management creates a plan for keeping your team operating while a breach is being handled.
A study conducted by IBM in partnership with the Ponemon Institute entitled, “2018 Cost of Data Breach Study: Impact of Business Continuity Management,” provides insight into the value that a business continuity management strategy introduces to the security of an enterprise. It sought to quantify both financial and reputational value that companies experience when they actively pursue activities designed to reduce the impact of a breach.
Organizations that proactively introduce business continuity into their security strategies not only experience a reduction in the time it takes for identification and containment of a security breach, but also reduce the likelihood that they will have their data compromised. These companies have reduced their costs related to incident response by over 31%.
Reducing MTTI and MTTC: Business continuity management appears to be particularly effective at reducing the mean time to identify (MTTI) breaches and the mean time to contain (MTTC) each breach. In general, companies are slowly reducing these metrics, but those that have implemented business continuity management are driving them down more effectively. The average MTTI for these companies is 170 days (compared with 178 in 2015), while the average MTTI for companies without business continuity management is 214 days (compared with 234 in 2015).
Companies with business continuity management in place have an average MTTC of 52 days, while companies without average 90 days. The difference in these numbers translates to real savings for companies that can identify and contain a breach more quickly; the longer an attack goes undetected, the more data the hackers can make off with.
No matter the size of the organization, companies need to prioritize incident response and evaluate their capabilities. They should evaluate their ability to detect and contain a breach, as well as determine what’s necessary to keep business processes in motion while the breach is being addressed.
Your enterprise will probably need to run some drills as well as share best security practices with industry peers to determine ways to improve a business continuity management plan.
Calculating the true cost: About 38% of the cost of a data breach is related to lost business. This includes downtime during a breach, the loss of clients, and the cost of acquiring new business. On average, a total breach costs much less — $3.55 million — for companies with business continuity management, compared to $4.24 million for companies without business continuity management.
Investing in business continuity management makes sense in an era where cyber security threats change by the hour. Contact us at Diversified Technology Group for more information about tools designed to automate your security processes and get started on your business continuity plan today.