Security breaches continue to climb in frequency and cost, encompassing all industries and raising important personal data privacy concerns.

The growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach contributes to the high cost and lost business that follows. For business continuity, lost business has potentially the most severe financial consequences and has steadily increased over the past three years.

As the financial impact of a data breach rises, what some leaders once viewed as a pure technology issue is today seen as a larger business risk.

How Can Organizations Reduce the Risk and Costs of Data Breaches?

One answer takes a point of view that security professionals may not have considered in the past: aligning security and business continuity for incident response.

Too often, business continuity and disaster recovery stand outside the security function within an organization, with minimal touch points between the teams to ensure the most effective security management for the company. In today’s threat landscape, that needs to change.

Organizations that involve their business continuity management personnel in the data breach incident response process experience lower costs and faster recovery times.

Weather the Digital Storm of Attacks

Chief information security officers (CISOs) should take advantage of the expertise of and synergy between teams that address both security threats and continuity threats. Business continuity has always aimed to mitigate the impact of business disruptions, including the loss of IT. Security can harness this capability to bolster response planning.

Threats to IT continuity and resilience, whether naturally occurring (as in a flood or hurricane) or intentionally created (as in a distributed denial-of-service attack), disrupt the organization’s ability to function. Secure, continuous availability is a common objective for both security and continuity professionals regardless of the business disruption’s root cause.

Professionals on both sides can no longer afford to remain casual in their efforts to involve business continuity and disaster recovery planning in the security response. CISOs need to aggressively leverage these teams in their arsenal of weapons to weather the digital storm of attacks. The Business Continuity Institute also noted that business continuity management plays an important role in reducing the total cost of a data breach.

Business Continuity and the Cost of a Data Breach

According to the “2015 Cost of Data Breach Study: Global Analysis,” conducted by the Ponemon Institute, having business continuity management (BCM) involved in the remediation of the breach reduced the cost by an average of $7.10 per compromised record.

The study also showed that both time to identify and time to contain the data breach incident are substantially lower for organizations that involved BCM. Companies using BCM decreased the mean time to identify (MTTI) a data breach by 27 percent. Moreover, by leveraging BCM, an organization can decrease the mean time to contain (MTTC) the data breach by 41 percent.

In addition to cost and recovery time advantages, the analysis found organizations involving their BCM personnel in the data breach incident response process were 6.8 percent less likely to experience a material data breach involving 10,000 or more compromised records over a one-year period.

Aligning business continuity with security includes involvement in planning, budgeting, testing and event response. By doing this, companies can ensure collaboration through proactive teaming across organizations and establish cross-representation.

More importantly, by integrating BCM, security can take advantage of business continuity intelligence on what is most critical, harness strategies already in place for loss of IT and utilize existing BCM communication and crisis management processes for coordination of response for cyber events.

Learning More About BCM and Data Breaches

A separate report, “2015 Cost of Data Breach Study: Impact of Business Continuity Management,” will be released in mid-June. It focuses on the impact business continuity management has on the financial and reputational consequences of a data breach.

The way to capitalize on this opportunity is to incorporate business continuity into the security response structure. This is done through an operational framework that integrates the skills and expertise provided by the involved professionals on both sides of the aisle.

Expanding the scope of security response planning to break down the silos that often exist and aligning business continuity with security management enables an organization to build resiliency that protects the interests of its clients and its infrastructure.
