3 Reasons IT Security Breach Costs Keep Rising

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://mspmentor.net/managed-security-services/060115/3-reasons-it-security-breach-costs-keep-rising

Last week the Ponemon Institute rolled out the results of yet another
Global Cost of Data Breach report and, surprising very few people in the
security world, the stats show costs rising again. Sponsored by IBM, the
report benchmarked 350 companies across 11 countries. It found that the
consolidated total cost of a breach has now risen to $3.8 million, about 23
percent higher than the figure back in 2013. They're compelling statistics
for anyone in the managed services world trying to offer customers
justification for improved security coverage.

According to the report, there are three big factors that are contributing
to the rising costs of breaches.

Attack volume is rising and attacks are messier to clean up

"Cyber attacks are increasing both in frequency and the cost it requires to
resolve these security incidents," explained Larry Ponemon, chairman and
founder of Ponemon Institute.

In breaking down the root causes of benchmarked incidents, data breaches
due to malicious or criminal attacks rose by five percentage points to 47
percent. Meanwhile, the cost of breaches cause by these attacks rose from
$159 per record to $170.

Reputation damage is taking its toll

It may be one of the hardest figures to estimate, but Ponemon's team
believes lost business has one of the most severe potential financial
consequences of all of those stemming from a breach.

"The financial consequences of losing customers in the aftermath of a
breach are having a greater impact on the cost," he says.

Based on an examination of things like abnormal turnover of customers,
reputation losses, diminished goodwill and increased customer acquisition
activities, Ponemon comes up with estimates on lost business costs. It
estimates that it rose to $1.57 million on average from the previous
estimate of $1.33 million.

According to the report this is likely a function of consumers' growing
awareness of identity theft and willingness to vote with their wallets when
trusted brands fail to protect their personal information.

Incident response and forensics costs rose

Response and detection costs have increased for the past three years
running, the report showed.

"More companies are incurring higher costs in their forensic and
investigative activities, assessments and crisis team management," Ponemon
explains.

According to the report, in the past year, the average cost of detection
and escalation costs rose by more than 25 percent. In many cases companies
are investing in integrating forensic solutions into incident response
procedures, which will help them with long-term analysis of root causes of
their breaches. This is good and bad as the increase in tooling could
expose bigger breaches, resulting in higher costs in years to come.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!