Data breaches cost UK organisations an average of £2.48 million, according to Ponemon Institute’s 2017 Cost of Data Breach Study.
This figure actually represents a slight decrease from 2016 (£2.53 million), something that the report claims is due to UK organisations’ ability to reduce the size of data breaches and the loss of customers following a breach (‘abnormal churn’). The average size of a data breach decreased by 5%, and abnormal churn also decreased by 5%.
Ponemon Institute’s figures are based on a sample of 40 organisations in a variety of sectors, and are part of a global study that’s broken down into individual countries and regions.
The data from the survey is also available in a data breach calculator, with which you can sort the cost of a data breach by location, industry and cost factor.
How have companies reduced the damage from data breaches?
The report outlines a number of ways in which organisations have been able to reduce the size of data breaches and abnormal churn following a breach:
- Preserve customer trust
“Programs that preserve customer trust and loyalty in advance of the breach will help reduce the number of lost business/customers,” the report claims. A senior-level leader, such as a chief privacy officer or chief information security officer, can direct initiatives that improve the customers’ trust in the way organisations safeguard their personal information. The report also states that organisations can reduce abnormal churn by offering identity protection services to data breach victims.
- Identify and contain a breach more quickly
The faster a breach can be identified and contained, the less it will cost. The report states that organisations were able to reduce the length of time it took to identify a breach (from approximately 201 days last year to 191 days) and to contain it (from 70 days to 66 days). It attributes this to greater investment in security analytics, security information and event management (SIEM), enterprise-wide encryption and threat intelligence sharing platforms.
- Implement GRC programmes
Organisations can improve the way they respond to a data breach by investing in governance, risk management and compliance (GRC) programmes. These can “establish an internal framework for satisfying governance requirements, evaluating risk across the enterprise and tracking compliance with governance requirements”.
- Mitigate attacks by criminals and insider threats
The report found that attacks by malicious insiders and criminals are costlier than system glitches and negligence. Organisations can mitigate the threat of insiders and criminals by participating in threat sharing, using security analytics and recruiting and retaining knowledgeable personnel.
To successfully achieve each of these goals, it’s important to remember that the size of data breaches and the volume of abnormal churn go hand in hand. Ponemon Institute’s report indicates that reducing one will reduce the other. This can be seen in the report’s industry breakdown: the financial, technology, life science and service industries had both the highest average cost per data breach and the highest volume of abnormal churn, while the public services and transportation industries had the lowest cost per data breach and the lowest volume of abnormal churn.