The Ponemon Institute and IBM have explained several factors that impact the cost of data breaches in the 2018 Cost of a Data Breach Report. Being aware of these factors in advance can help companies save money when breaches are experienced.
The time it takes to identify and contain a breach affects the cost of the breach. If a breach is contained within 30 days, the company saves about $1 million on breach resolution costs. If a breach is contained within 100 days, the company saves $1 million compared to when it takes longer than 100 days to contain a breach.
Having an incident response team in place to deal with a breach reduces costs by about $14 per exposed record. The use of encryption reduces costs by $13 per record, and business continuity management and employee training lower the cost by $9.3 per record each. Participating in threat sharing lowers the cost by $8.7 per record and using a cybersecurity platform with artificial intelligence reduces the cost by $8.2 per record.
Loss of customers is one of the reasons for the considerable costs incurred after experiencing a breach. After a breach, it’s normal to experience customer churn. To reduce churn, businesses need to preserve the trust and loyalty of customers. Having a Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO) can help in this regard as these individuals can direct the company in guarding personal information. Offering credit monitoring and identity theft protection services to victims of a breach can help to reduce churn rate, demonstrating concern over customers and ensuring out-of-pocket expenses are kept to a minimum. When companies lose 1% of their customers because of a breach, it translates to a loss of $2.8 million. When 4% or more customers are lost, the breach costs goes up to $6 million on average.
Companies that invest in security automation see the cost of data breaches lowered by $2.88 million per breach. Without security automation, the average breach cost is $4.43 million. Third-party involvement also increases the cost of a data breach by $13.4 per record. The cost increases by $11.9 per record if the breach occurs at the time of a major cloud migration. Compliance failures increase breach costs by $11.9 per record and extensive use of mobile platforms sees breach costs increase by $10 per record. HIPAA Rules require the notification of breach victims without undue delay, but rushing the issuance of breach notifications without the complete facts in place can have a negative impact, increasing breach costs by $4.9 per record.