As 2015 comes to a close, and IT, security and compliance leaders draw on the developments of the past year to plan for a more digitally secure 2016, here are some takeaways to keep top of mind when sketching plans on the whiteboard or reviewing financial statements.
The Cost of a Data Breach
The IBM and Ponemon Institute’s 2015 Cost of Data Breach Study surveyed 350 companies from 11 countries, each of which underwent a breach ranging from 2,000 to 100,000 records (records that can be linked to the individual whose details were lost or stolen). Survey countries included the United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (United Arab Emirates and Saudi Arabia) and Canada.
The average total cost of a data breach rose 12% per capita from an average of $145 published in the previous study to the $154 average reported in this year’s findings. The industries with the highest cost per record are health ($363 per record), education ($300), pharmaceuticals ($220), financial sector ($215) and communications ($179).
Why are Costs Going Up?
The study cites three factors as contributing to the increase in breach resolution costs: the higher price tag associated with breach investigation and escalation (including forensics and audits), a higher frequency of malicious attacks (including external and insider attacks) and an increase in lost business as a result of a breach. The last of these includes abnormal turnover of customers, increased customer acquisition activities, a tarnished reputation and diminished goodwill. (Loss of confidence as a result of a breach is also documented in the Consumer Confidence Level Index.)
Breach Cost Reducers
According to the study, factors that lower the cost of a data breach include an incident response team, extensive use of encryption, employee training, business continuity management, CISO leadership, board-level involvement and insurance protection. These factors alone are estimated to decrease the per capita cost of a breach by $54, or one-third of the per capita cost of an ‘average’ breach.
Mobility in the Face of ‘Breachability’
Demonstrating the high level of worldwide breach awareness, according to Gemalto’s survey of 900 IT decision makers from around the globe, almost all IT leaders (94%) said they were concerned that their organization will be breached or hacked as a result of credential theft or compromise.
And while the vast majority of organizations recognize enterprise mobility as being very important, with most already leveraging 2FA to protect access by external users (e.g. partners and consultants), the road to greater employee mobility is still long. Almost half of surveyed decision makers (46%) cited security concerns as hampering their organizations’ ability to implement enterprise mobility programs, while an equal percentage cited manageability challenges.
To address manageability and security challenges together, organizations should seek solutions that enable central administration of identities and access controls for all their applications, and that enforce strong authentication in a device-agnostic manner. To learn more, browse Gemalto.com/enterprise-security or visit Gemalto’s Secure Employee Mobility website.