IR (incident response) plans are the most effective way of mitigating the damage of data breaches, Ponemon Institute has found.
Its 2018 Cost of a Data Breach Study revealed that the average cost of a data breach for organisations without an IR plan was $148 (about £116) per record, which is approximately $14 (about £11) more than for those with an IR plan.
According to the report, data breaches set organisations back $3.86 million on average, which means an IR plan could lead to savings of up to £285,000 per incident.
This makes IR the biggest factor in reducing the damage of a data breach. Other effective strategies include encrypting information (saving about £10 per record), adopting business continuity management (£7.30), conducting staff awareness training (£7.30) and sharing threats (£6.80).
How does IR help?
Most of the costs associated with a data breach come in the immediate aftermath. Organisations’ productivity drops off as they look for ways to contain the breach and resume work. This isn’t a problem for organisations with an IR plan, because they will be prepared for a variety of incidents. All they need to do is execute the plan and make sure staff understand and follow it.
Ponemon Institute also found that the time to recover from a data breach is increasing, meaning effective IR is more important than ever. It took organisations an average of 196.7 days to identify a breach (compared to 190.7 in 2017) and 69 days to contain it (compared to 66.2 in 2017). Additionally, the average size of a breach (defined as the number of records lost or stolen) increased by 2.2% compared to 2017.
This goes to show that organisations’ current defences aren’t enough. That’s hardly surprising, given the vast number of attacks being carried out and the constantly emerging vulnerabilities in software and systems. As soon as organisations accept that breaches are inevitable, they will realise the value of IR and damage limitation.
How you can implement an IR plan
The time and effort it takes to implement an IR plan are often organisations’ biggest obstacles. Even if they are aware of the benefits of IR and want to create an effective system, they simply might not have the knowledge or resources.
IT Governance understands this, so we’ve developed our Cyber Incident Response Management service to help organisations create a plan with as little hassle as possible. Our team of experts will work with you to create a system tailored to your organisation’s needs. When we’re done, your technical staff will be capable of detecting incidents promptly, and will have everything they need to:
- Determine their level of gravity;
- Contain the incident if required;
- Report the incident;
- Take corrective action;
- Recover systems and resume operations; and
- Analyse the incident and develop a framework for continual improvement.