As a government agency or jurisdiction, one of your goals is to build trust with the citizens you serve. You earn that trust by protecting their information from a government data breach. This also helps by making efficient use of taxpayer dollars. When a data breach does hit, both pillars are eroded. Your organization can serve the community better — and build their trust — by managing data breach prevention in advance and planning your response to reduce the consequences of a data breach.

The Cost of a Government Data Breach

The IBM Cost of a Data Breach Report 2020 found that breaches in the public sector averaged a cost of $1.6 million per breach, which is a 16% decrease from 2019. Compared to the other 16 industries included in the report, the public sector has the lowest cost. (Breaches in health care topped the list with an average cost of $8.6 million.) The government sector was even $1.3 million less than the transportation sector, which came in 15th place. However, the report includes the cost of lost customers, which may reduce the dollar amount cost because it’s less of a concern for the public sector than other industries.

While a government data breach is the least costly, each dollar spent is taxpayer money. That money could be better used improving the community. In the report, researchers found that the public sector lags behind other industries in terms of time to identify and contain data breaches.

The global average across all sectors to identify a breach is 177 days. Meanwhile, the average in the public sector is 231 days. Once a breach is spotted, the global average time to contain is 73 days. Compare that to the 93-day average in the public sector. The longer it takes to find and fix a data breach, the higher the costs. In addition, 70% of the respondents are concerned that the increase of remote work due to the pandemic increases the cost of a data breach.

How to Reduce the Cost of a Government Data Breach

By reducing their response time, government agencies can lower the costs of a breach. Here are three ways the public sector can more quickly spot and contain a government data breach.

No. 1: Incident Response

First, create an effective incident response team. Government organizations with an Incident Response (IR) team spend an average of $274,239 less resolving a breach than the global average. In addition, testing their incident response can lower the cost even more — possibly $311,571 more than the average. However, many government agencies and jurisdictions don’t even have an IR team.

When creating an IR team, focus on hiring people who excel at both security and teamwork, and those who have complementary technical and interpersonal skills. Be sure to include an intelligence analyst, who can offer insight into an adversary’s actions, tools and methods. When selecting tools, consider technology-agnostic platforms and tools that will allow you to move quickly.

After an attack occurs, the IR team’s first focus is removing the attacker. The next step is strategic, and involves making sure the same type of attack is not possible in the future. Your team must then rebuild the environment that was damaged in the attack. They’ll need to focus on getting the business back up and running as soon as possible. By working together and using a structured approach, your IR team can play a key role in both identifying and more quickly resolving a government data breach.

No. 2: Focus on Cloud Migration

The cost of a breach increased by an average of $243,251 for governments doing a cloud migration, the report found. Because of the amount of data moved in a short period of time, cloud migrations can lead to vulnerabilities. Common issues include misconfigurations, unpatched vulnerabilities and not changing default configurations.

One of the most effective ways to improve security during and after a cloud migration is clearly defining ownership of protected data. With cloud storage, entities often assume they are no longer on the hook for security. This incorrect assumption can lead to costly breaches. The next step is to create a baseline of your current environment, including business rules, content policies, configurations and applications.

Before migrating your data, create a plan that details the scope, timeline and data transportation method. By creating a longer migration window, agencies and jurisdictions can often lower their risk of a government data breach. Public sector organizations should also create a comprehensive cloud security plan. This should detail portability and future extensibility, often through using open standards.

By using a Cloud Security Posture Management tool, you can comprehensively manage your cloud storage and security, which will allow you to quickly identify risks. Other strategies include staying up to date with security features, enabling multi-factor authentication (MFA), using data encryption and considering private storage.

No. 3: Practice With Red Team Testing

A government data breach takes longer to resolve if your team has never practiced their processes and skills. To ensure they’re ready to go when they’re needed, your team needs to practice their response. With the red team simulation process, your red team finds loopholes in your system and launches an attack on the live system, and your blue team responds. While red team automation has been used in the past, performing a live simulation allows for a more realistic assessment of your team’s readiness. It includes complex cases, such as custom APT flows. In a live simulation, the red team uses techniques and attacks, such as footprinting, reconnaissance, penetration testing, social engineering and physical attacks.

Because your response team does not know at first if it’s a test or a real attack, you gain key insight into any possible risks. In addition, you can find the weaknesses in your response tools and processes. After the attack, the red team presents its findings to the blue team. This allows them to establish a baseline for future defense response. The exercise also provides valuable hands-on learning.

Reducing Government Data Breaches

You may already spend considerable effort focusing on government data breach prevention. Working in the public sector means that when a breach happens you also need to keep the costs and damage as low as possible. By creating and implementing strategies and tools that help your agencies quickly find a breach and then resolve it in as short a time as possible, you can continue to be a good steward of your taxpayers’ dollars.

More from Data Protection

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today