Aussie data breach costs drop but it's still an expensive game of risk

27 Jun 17

The Australian costs of data breaches are dropping but organisations are still losing $2.5 million every year, according to findings from the recent 2017 Ponemon Cost of Data Breach report.

While that represents a 10% year-on-year decrease from $2.64 million last year, organisations are still taking five months to detect a breach and an extra 65 days to contain it.

The report suggests that costs are down because the number of stolen records has dropped 5.8% and the average cost per lost or stolen record dropped to $139.

In addition, different industry sectors have different breach costs. The financial services industry can have an average cost of $232.

Customer churn after a breach can also contribute to higher costs. Overall customer churn dropped 5.3%.

IBM Security's John Vine says that the statistics show interesting challenges for Australia.

“Currently Australian organisations on average are taking more than 175 days to detect an incident. From February 2018, The Data Privacy Act will require organisations to report data breaches within 30 days to the Privacy Commissioner and their customers. Technologies such as cognitive and AI can provide faster, more cost-effective incident identification, which will speed the customer response and reduce churn,” he says.

The company says that if the mean time to identify (MTTI) were decreased to fewer than 100 days, organisations could save up to 35% on costs, bringing the average breach costs down to $1.96 million.

48% of Australian data breaches are caused by malicious or criminal attacks, with a remediation cost of $154; 28% are caused by negligence ($130 cost); and 24% are due to system glitches ($121 cost).

The report suggests that the most profitable investments organisations can make to reduce data breach costs are encryption, incident response teams, employee training, appointing CISOs and participating in threat sharing initiatives.

The total breach costs may have dropped in Australia but it hasn't been the same story across the globe. Japan, South Africa, India and the Middle East all experienced increased costs.

“Data breaches and the implications associated continue to be an unfortunate reality for today’s businesses,” comments Dr. Larry Ponemon.

“Year-over-year we see the tremendous cost burden that organisations face following a data breach. Details from the report illustrate factors that impact the cost of a data breach, and as part of an organisation’s overall security strategy, they should consider these factors as they determine overall security strategy and ongoing investments in technology and services.”

Organisations in Australia and globally can consider the following to reduce their costs of data breach:

  • Investments in governance, risk management and compliance (GRC) programs.
  • Investment in enabling security technologies. These include security analytics, SIEM, enterprise-wide encryption and threat intelligence sharing platforms.
  • Recruitment and retention of knowledgeable personnel.