Study finds CISO appointment, business continuity shrinks breach costs

Having business continuity staff involved in remediation reduced costs by $13 per compromised record, the report said.

By appointing a CISO, breached organizations stand to fare better in their response efforts, lessening their costs by $10 per compromised record, an annual study found.

On Monday, the “2014 Cost of Data Breach Study: United States” was released, offering insight into management efforts that can improve incident response at companies. The ninth annual study, which was sponsored by IBM and conducted by the Ponemon Institute, polled 61 U.S. companies across 16 industries, after firms experienced “the loss or theft of protected personal data and then had to notify breach victims as required by various laws,” the report said.

The study found that the average number of breached records at organizations was around 29,000 last year. Additionally, the average cost of each lost or stolen record increased from $188 to $201 between 2012 and 2013.

The report also noted that the appointment of a CISO, and even the involvement of business continuity management (BCM) in the response process, noticeably shrank the per-record cost of breaches. For instance, having business continuity staff involved in remediation reduced costs by $13 per compromised record (as opposed to the $10 per record saved under CISOs), the report said.

Though BCM and the presence of a CISO influenced costs, foundational steps, like having an incident response plan and a strong security posture prior to incidents, had the greatest effect.

A strong security posture reduced the average cost of data breaches by $21 per compromised record, while having an incident response plan in place shrank costs by $17 per record, the report found.

On Monday, Larry Ponemon, chairman and founder of the Ponemon Institute, told SCMagazine.com that, for the first time, the annual study highlighted how having BCM staff more involved in breach incidents improved response efforts.

“We are seeing that large, successful companies with mature security programs, are normally getting their BCM people involved in the data breach process,” Ponemon said.

Business continuity staff, who focus on enabling the continuation of business operations in the face of disruptions, including natural disasters, can provide needed help with breach response, he explained.

“The smart people are saying, get these people addressing cyber risks or cyber security,” Ponemon said. “We've seen more successful companies integrating BCM with security.”
