Where organizations invest after a data breach


Like everything else, the cost of a data breach is rising, up 10% from last year, IBM concluded in its data breach cost survey released this summer.

Organizations can now expect an average of $4.88 million in costs that include business interruptions and remediation. It is the customer who ends up paying the price of a data breach, as almost two-thirds of the organizations surveyed admitted passing these costs on to the consumer.

“Getting customers to absorb these costs can be problematic in a competitive market that already faces pricing pressures caused by inflation,” IBM said in the report.

Asking customers to foot the bill for data breach remediation will not prevent future data breaches or solve the problems causing rising costs. Instead, organizations should look to the next potential cyber incident and rethink how they invest in data breach prevention.

The extensive recovery period

One of the reasons the cost of a data breach has skyrocketed is the time it takes to recover. It’s a process that takes months, IBM discovered. Three-quarters of those surveyed in the study said recovery took more than 100 days; a third said it took more than 150 days.

It’s a long process because it’s not easy to recover from a data breach, explained Chris Morales, CISO at Netenrich, in an email. Because today’s cyberattacks are like very sophisticated puzzles, often using multiple attack vectors and advanced tactics, the complexity of any cyber incident makes it truly challenging to quickly identify and resolve all aspects of a breach.

Many organizations also have significant gaps in their detection and response capabilities.

“It is not uncommon for breaches to go unnoticed for several weeks or even months, which obviously delays the start of recovery efforts,” Morales said.

Then there’s the regulatory maze to navigate. Compliance requirements add layers of complexity to the recovery process.

“It’s not just about solving technical problems,” Morales said.

“Organizations must also spend precious time and energy ensuring they comply with all legal and regulatory obligations.”

Factoring in security investments

Most organizations understand the importance of implementing proactive security measures such as advanced threat detection, regular security audits, and employee training. However, when it comes to actually investing in these areas, many fall short until a breach occurs.

“After the breach, we often see a wave of reactive spending,” Morales said.

Organizations rush to patch vulnerabilities and implement new technologies, but sometimes they miss the bigger picture. There is a tendency to focus heavily on technological solutions and invest little in people and processes.

This parallels the findings of the IBM study, which states that the key factors in increasing the cost of a data breach are a shortage of security skills and an inability to understand the complexity of the security system.

On the other hand, investing in technologies such as AI and machine learning, as well as supporting employee cybersecurity awareness training, reduces data breach costs.

Most often, an injection of security investment occurs after a breach. Data breaches are often the catalyst for substantial investment in a cybersecurity program. In fact, IBM found that nearly two-thirds of organizations increase security investments after a breach.

These post-breach investments typically encompass a range of security improvements, according to Craig Jones, vice president of security operations at Ontinue. These include incident and response systems, stricter access controls, and advanced threat intelligence solutions.

“Additionally, there is an increasing emphasis on employee education, ensuring employees are well trained to recognize and respond to potential threats,” Jones said.

While many of these investments may arise in the wake of an incident, they are the first line of defense to keep costs down if and when the next breach occurs.
