Organizations that involve their business continuity management (BCM) teams in data breach planning and response can reduce the likelihood of a data breach and lessen the cost and impact of any breach that does occur. These findings come from the 2015 Cost of Data Breach Study: Impact of Business Continuity Management, sponsored by IBM and conducted by the Ponemon Institute.
Ponemon has been charting the cost of data breaches for the last 10 years and in 2014 began examining the correlation between the cost of data breaches and business continuity management’s involvement with cyber security teams in responding to them. This year, the study found that such involvement reduces breach costs by an average of US$14 per compromised record, from US$161 to US$147. Because data breaches can affect thousands of records, overall savings can be significant: BCM involvement can reduce the total cost of each data breach from US$3.8 million to US$3.5 million.
Identifying and containing a data breach quickly is instrumental to limiting its impact, and the study found that business continuity involvement can reduce the mean time to identify a data breach from 234 to 178 days, and the mean time to contain a data breach from 83 to 55 days.
Perhaps most important, the study found that BCM involvement with security operations can actually reduce the likelihood of a data breach. According to the Ponemon study, the likelihood of a data breach involving 10,000 or more records striking a company that involves BCM in security operations is 21.1%, compared to 27.9% for organizations that have no BCM involvement with security. And if a breach does occur, it will negatively affect the business operations of only 55% of organizations that involve BCM with security, compared to 80% of organizations with no such involvement.
Clearly, BCM involvement with security operations can help limit the number of data breaches and mitigate the damage caused if a breach does occur. Organizations now understand this and are finding ways to coordinate security and BCM responses to a breach. According to the Ponemon study, roughly 50% of the companies polled now have BCM involvement in data breach response planning and execution, up from 45% in 2014.
For further information on how business continuity management and security operations can work together to limit the impact of a data breach, read the IBM White Paper - Business continuity management: security can work together to safeguard data.