Ponemon Institute’s 2017 Cost of Data Breach Study: Impact of Business Continuity Management (BCM) reveals that BCM programmes “can reduce the per capita cost of a data breach, the mean time to identify and contain a data breach and the likelihood of experiencing such an incident over the next two years”.
The survey findings show that there are financial and reputational benefits of having an effective BCM programme when a data breach occurs.
Ponemon Institute surveyed 1,900 individuals from 419 companies in 16 countries. Of the 419 companies, 226 reported they have BCM involvement in resolving the consequences of a data breach. Of these companies, 95% rate their involvement as significant.
The study also revealed that companies with a BCM programme that incorporates disaster recovery automation and orchestration saw a 39.5% reduction in the average cost per day of a data breach.
The report found that effective BCM provides the following important benefits:
- Significantly reduces the time to identify and contain the data breach incident.
BCM helped save companies 43 days in the identification of a breach and 35 days in containing it.
- Significantly reduces the cost of a data breach.
The average total cost of a data breach with BCM involvement was $3.35 million (£2.59 million) and without BCM was $3.94 million (£3.05 million).
- Gives substantial per day cost savings.
BCM and disaster recovery involvement in data breach response activities achieve average per day savings of $5,064 (£3,930) – or total cost savings of $394,922 (£306,487).
- Reduces the likelihood of future data breaches.
The likelihood of a repeat data breach drops from 31.8% to 23.9% with a BCM programme.
- Reduces disruption to business operations after a data breach.
Business disruption dropped from 76% to 55% for companies that involve BCM in advance of the data breach.
- Improves the resilience of IT operations.
Only 56% of companies with effective BCM programmes experienced disruption to IT operations, as opposed to 72% of those without.
- Reduces the negative impact of a data breach.
Reputational damage was reported in 10% more organisations without an effective BCM programme than in those with one.
- Reduces the average per day cost of a data breach.
For organisations with a BCM programme, the average per day cost of a data breach was $1,828 (£1,418) less than for organisations without one.
- Disaster recovery automation and orchestration reduces the per day cost of a data breach.
Companies with automated disaster recovery experienced a much lower average cost per day of $3,360 (£2,607). This represents a net difference of 39.5% – or cost savings of $1,655 (£1,284) per day.
An effective BCM system (BCMS) is imperative for managing the fall-out that occurs from a data breach.
An ISO 22301-compliant BCMS helps organisations recover from potentially damaging and disruptive incidents and protect their turnover, profits and reputation thanks to improved resilience and preparedness.
Cyber attacks are growing in scale, complexity and velocity. Companies large and small are increasingly concerned about implementing the right, affordable solutions to protect their personal and corporate data, and avoid becoming another victim.
The only solution to the growing threat of cyber attacks is to implement a robust approach that tackles all aspects of information security and business continuity throughout the organisation.