Story image

Aussie data breach costs drop but it's still an expensive game of risk

27 Jun 2017

The Australian costs of data breaches are dropping but organisations are still losing $2.5 million every year, according to findings from the recent 2017 Ponemon Cost of Data Breach report.

While it represents a 10% year-on-year decrease from $2.64 million last year, it is still taking five months for organisations to get on top of breach detection and an extra 65 days to contain it.

The report suggests that costs are down because the number of stolen records has dropped 5.8% and average cost per lost stolen record dropped to $139.

In addition, different industry sectors have different breach costs. The financial services industry can have an average cost of $232.

Factoring in customer churn after breaches, that can contribute to higher costs. Overall customer churn also dropped 5.3% overall.

IBM Security's John Vine says that the statistics show interesting challenges for Australia.

“Currently Australian organisations on average are taking more than 175 days to detect an incident. From February 2018, The Data Privacy Act will require organisations to report data breaches within 30 days to the Privacy Commissioner and their customers. Technologies such as cognitive and AI can provide faster, more cost-effective incident identification, which will speed the customer response and reduce churn," he says.

The company says that if the mean time to identify (MTTI) time was decreased to fewer than 100 days, organisations could save up to 35% on costs, bringing the average breach costs down to $1.96 million.

48% of Australian data breaches are caused by malicious or criminal attacks with a remediation cost of $154; 28% are caused by negligence ($130 cost); and 24% due to system glitches ($121 cost).

The report suggests there are a number of most profitable investments organisations can make to reduce data breach costs: Encryption, incident response teams, employee training, appoint CISOs and participate in threat sharing initiatives.

The total breach costs may have dropped in Australia but it hasn't been the same story across the globe. Japan, South Africa, India and the Middle East all experienced increased costs.

“Data breaches and the implications associated continue to be an unfortunate reality for today’s businesses,” comments Dr. Larry Ponemon.

“Year-over-year we see the tremendous cost burden that organisations face following a data breach. Details from the report illustrate factors that impact the cost of a data breach, and as part of an organisation’s overall security strategy, they should consider these factors as they determine overall security strategy and ongoing investments in technology and services.”

Organisations in Australia and globally can consider the following to reduce their costs of data breach:

  • Investments in governance, risk management and compliance (GRC) programs.
  •  Investment in enabling security technologies. These include security analytics, SIEM, enterprise wide encryption and threat intelligence sharing platforms.
  • Recruitment and retention of knowledgeable personnel.
Avi Networks: Using visibility to build trust
Visibility, also referred to as observability, is a core tenet of modern application architectures for basic operation, not just for security.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.