
Aussie data breach costs drop but it's still an expensive game of risk

27 Jun 2017

The Australian costs of data breaches are dropping but organisations are still losing $2.5 million every year, according to findings from the recent 2017 Ponemon Cost of Data Breach report.

While that represents a 10% year-on-year decrease from $2.64 million last year, organisations are still taking five months to detect a breach and an extra 65 days to contain it.

The report suggests that costs are down because the number of stolen records has dropped 5.8% and the average cost per lost or stolen record dropped to $139.

In addition, different industry sectors have different breach costs. The financial services industry can have an average cost of $232.

Customer churn after breaches can also contribute to higher costs. Overall customer churn dropped 5.3%.

IBM Security's John Vine says that the statistics show interesting challenges for Australia.

“Currently Australian organisations on average are taking more than 175 days to detect an incident. From February 2018, The Data Privacy Act will require organisations to report data breaches within 30 days to the Privacy Commissioner and their customers. Technologies such as cognitive and AI can provide faster, more cost-effective incident identification, which will speed the customer response and reduce churn,” he says.

The company says that if the mean time to identify (MTTI) was decreased to fewer than 100 days, organisations could save up to 35% on costs, bringing the average breach costs down to $1.96 million.

48% of Australian data breaches are caused by malicious or criminal attacks, with a remediation cost of $154; 28% are caused by negligence ($130 cost); and 24% are due to system glitches ($121 cost).

The report suggests that the most profitable investments organisations can make to reduce data breach costs are encryption, incident response teams, employee training, appointing CISOs and participating in threat sharing initiatives.

The total breach costs may have dropped in Australia but it hasn't been the same story across the globe. Japan, South Africa, India and the Middle East all experienced increased costs.

“Data breaches and the implications associated continue to be an unfortunate reality for today’s businesses,” comments Dr. Larry Ponemon.

“Year-over-year we see the tremendous cost burden that organisations face following a data breach. Details from the report illustrate factors that impact the cost of a data breach, and as part of an organisation’s overall security strategy, they should consider these factors as they determine overall security strategy and ongoing investments in technology and services.”

Organisations in Australia and globally can consider the following to reduce their costs of data breach:

  • Investments in governance, risk management and compliance (GRC) programs.
  • Investment in enabling security technologies. These include security analytics, SIEM, enterprise-wide encryption and threat intelligence sharing platforms.
  • Recruitment and retention of knowledgeable personnel.