The Australian costs of data breaches are dropping but organisations are still losing $2.5 million every year, according to findings from the recent 2017 Ponemon Cost of Data Breach report.
While it represents a 10% year-on-year decrease from $2.64 million last year, it is still taking five months for organisations to get on top of breach detection and an extra 65 days to contain it.
The report suggests that costs are down because the number of stolen records has dropped 5.8% and average cost per lost stolen record dropped to $139.
In addition, different industry sectors have different breach costs. The financial services industry can have an average cost of $232.
Factoring in customer churn after breaches, that can contribute to higher costs. Overall customer churn also dropped 5.3% overall.
IBM Security's John Vine says that the statistics show interesting challenges for Australia.
“Currently Australian organisations on average are taking more than 175 days to detect an incident. From February 2018, The Data Privacy Act will require organisations to report data breaches within 30 days to the Privacy Commissioner and their customers. Technologies such as cognitive and AI can provide faster, more cost-effective incident identification, which will speed the customer response and reduce churn," he says.
The company says that if the mean time to identify (MTTI) time was decreased to fewer than 100 days, organisations could save up to 35% on costs, bringing the average breach costs down to $1.96 million.
48% of Australian data breaches are caused by malicious or criminal attacks with a remediation cost of $154; 28% are caused by negligence ($130 cost); and 24% due to system glitches ($121 cost).
The report suggests there are a number of most profitable investments organisations can make to reduce data breach costs: Encryption, incident response teams, employee training, appoint CISOs and participate in threat sharing initiatives.
The total breach costs may have dropped in Australia but it hasn't been the same story across the globe. Japan, South Africa, India and the Middle East all experienced increased costs.
“Data breaches and the implications associated continue to be an unfortunate reality for today’s businesses,” comments Dr. Larry Ponemon.
“Year-over-year we see the tremendous cost burden that organisations face following a data breach. Details from the report illustrate factors that impact the cost of a data breach, and as part of an organisation’s overall security strategy, they should consider these factors as they determine overall security strategy and ongoing investments in technology and services.”
Organisations in Australia and globally can consider the following to reduce their costs of data breach:
- Investments in governance, risk management and compliance (GRC) programs.
- Investment in enabling security technologies. These include security analytics, SIEM, enterprise wide encryption and threat intelligence sharing platforms.
- Recruitment and retention of knowledgeable personnel.