Ponemon Institute’s 2016 Cost of Data Breach Study: Global Analysis has revealed the following seven megatrends that are shaping the global breach landscape:
1. The average cost of a data breach has remained static (it has neither increased nor decreased since the start of the study several years ago). This means that breach costs should be treated as a fixed cost and factored into future planning.
2. Loss of business is the biggest financial consequence of a data breach, requiring additional measures to regain customer trust.
3. Most data breaches are due to criminal and malicious attacks, which take the longest time to detect and contain, and have the highest cost per breached record.
4. The longer it takes to detect and contain a breach, the more costly the breach. As a result, organisations are investing heavily in mechanisms that shorten the time to detect and contain breaches.
5. Healthcare and financial services have the highest cost of data breaches because of relatively higher fines and also higher rates of lost business and customers.
6. Effective data governance programmes reduce the cost of a data breach. The following programmes are highlighted as reducing the cost:
- Incident response plans
- Appointment of a chief information security officer (CISO)
- Employee training and awareness programmes
- Business continuity management strategies
7. Threat-sharing activities and certain data loss prevention measures, such as encryption and endpoint security, also reduce the cost of a breach and are important defence mechanisms against data breach threats.
ISO 27001 can reduce the cost of a breach
The findings once again highlight the significant role that an ISO 27001-compliant ISMS (information security management system) plays in preventing data breaches and reducing their cost. ISO 27001 not only promotes the appointment of an executive responsible for information security, but incorporates all of the elements listed above that have been shown to reduce breach likelihood and cost: incident response plans, staff awareness training, business continuity plans and data loss prevention controls. All this once again demonstrates that implementing ISO 27001 is the way to go.
GDPR and data breaches
With the advent of the General Data Protection Regulation (GDPR), which will soon become law throughout Europe, there will be much greater consequences for organisations that suffer a data breach, with fines of up to 4% of annual global turnover or €20 million, whichever is greater.
Get started with a no-risk ISO 27001 assessment
To start your ISO 27001 implementation journey, why not consider an in-person gap analysis of your systems, networks, processes and policies to establish the maturity of your information security practices? You will receive a personalised report showing exactly what needs to be done to bring your organisation in line with international best practice.