BreachExchange mailing list archives

Post-Breach Costs And Impact Can Last Years


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 27 Jan 2016 18:30:59 -0600

http://www.darkreading.com/risk/post-breach-costs-and-impact-can-last-years/d/d-id/1324055

The costs and implications of data breaches go far beyond the initial
incident response and customer notification costs. In a new survey out by
the SANS Institute
<https://www.sans.org/reading-room/whitepapers/analyst/cleaning-breach-post-breach-impact-cost-compendium-36517>,
only about one third of organizations are able to remediate breaches within
a week of detection and the greatest financial impact from breaches
extended months and even years beyond the event for the majority of
organizations.

Conducted on behalf of Identity Finder, the SANS study took an in-depth
dive into the post-breach ramifications of nearly 60 organizations. Coming
from a fairly distributed range of organization sizes and industries, the
study shows that even after remediation, over 60% of organizations still
felt the impact from breaches. Meanwhile, the greatest financial impacts
were felt long after the exposure occurred. Over 40% of organizations said
they felt the biggest monetary pinch one to 12 months after the fact.

These financial shocks often come from unexpected sources. For example,
some organizations may recognize that there will need to be additional
resources necessary to conduct forensics investigations during breaches,
but don't realize they'll have to make unplanned purchases following an
incident. Approximately 57% of respondents reported having to acquire
additional tools for forensics or data recovery as a result of a breach.

Additionally, breaches frequently uncover root causes that require
additional controls to prevent them from happening again and to keep the
regulators at bay once an event brings their focus onto an organization.
Nearly three-quarters of organizations needed to divert resources to
bolster the development of administrative policies, and approximately 65%
had to spend extra money on training and awareness programs following a
breach. Additionally, 65% of organizations had to purchase technical tools
outside the normal IT budget cycle, and over 60% needed to pick up physical
controls in the wake of a breach. What's more, around a third of
organizations realized they needed to add or change managed services to
account for increased security after a breach.

"One could argue that these controls were needed anyway and that they
should not be included in an accounting of post-breach costs. After all,
having proactive security policies and procedures in place is always the
best defense against a breach," wrote the report's author, Barbara Filkins.
However, the fact that these purchases and resource allocations were sudden
and unplanned invariably means they threw off the balance of budgeting and
caused disruption in the flow of IT operations -- versus taking a
pre-emptive and measured approach to increasing controls.

As things stand, fewer than half of organizations carry cyber insurance for
breach events, and only about a third of organizations had enough coverage
to completely cover post-breach costs, according to the report.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/