Security breaches continue to climb in frequency and cost, encompassing all industries and raising important personal data privacy concerns.

The growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach contributes to the high cost and lost business that follows. For business continuity, lost business has potentially the most severe financial consequences and has steadily increased over the past three years.

As the financial impact of a data breach rises, what some leaders once viewed as a pure technology issue is today seen as a larger business risk.

How Can Organizations Reduce the Risk and Costs of Data Breaches?

One answer takes a point of view that security professionals may not have considered in the past: aligning security and business continuity for incident response.

Too often, business continuity and disaster recovery stand outside the security function within an organization, with minimal touch points between the teams to ensure the most effective security management for the company. In today’s threat landscape, that needs to change.

Organizations that involve their business continuity management personnel in the data breach incident response process experience lower costs and faster recovery times.

Weather the Digital Storm of Attacks

Chief information security officers (CISOs) should take advantage of the expertise of and synergy between teams that address both security threats and continuity threats. Business continuity has always aimed to mitigate the impact of business disruptions, including the loss of IT. Security can harness this capability to bolster response planning.

Threats to IT continuity and resilience, whether naturally occurring (as in a flood or hurricane) or intentionally created (as in a distributed denial-of-service attack), disrupt the organization’s ability to function. Secure, continuous availability is a common objective for both security and continuity professionals regardless of the business disruption’s root cause.

Professionals on both sides can no longer afford to remain casual in their efforts to involve business continuity and disaster recovery planning in the security response. CISOs need to aggressively leverage these teams in their arsenal of weapons to weather the digital storm of attacks. The Business Continuity Institute also noted that this management plays an important role in reducing the total cost of a data breach.

Business Continuity and the Cost of a Data Breach

According to the “2015 Cost of Data Breach Study: Global Analysis,” conducted by the Ponemon Institute, having business continuity management (BCM) involved in the remediation of the breach reduced the cost by an average of $7.10 per compromised record.

The study also showed that both time to identify and time to contain the data breach incident are substantially lower for organizations that involved BCM. Companies using BCM decreased the mean time to identify (MTTI) a data breach by 27 percent. Moreover, by leveraging BCM, an organization can decrease the mean time to contain (MTTC) the data breach by 41 percent.

In addition to cost and recovery time advantages, the analysis found organizations involving their BCM personnel in the data breach incident response process were 6.8 percent less likely to experience a material data breach involving 10,000 or more compromised records over a one-year period.

Aligning business continuity with security includes involvement in planning, budgeting, testing and event response. By doing this, companies can ensure collaboration through proactive teaming across organizations and establish cross-representation.

More importantly, by integrating BCM, security can take advantage of business continuity intelligence on what is most critical, harness strategies already in place for loss of IT and utilize existing BCM communication and crisis management processes for coordination of response for cyber events.


Learning More About BCM and Data Breaches

A separate report, “2015 Cost of Data Breach Study: Impact of Business Continuity Management,” will be released in mid-June. It focuses on the impact business continuity management has on the financial and reputational consequences of a data breach.

The way to capitalize on this opportunity is to incorporate business continuity into the security response structure. This is done through an operational framework that integrates the skills and expertise provided by the involved professionals on both sides of the aisle.

Expanding the scope of security response planning to break down the silos that often exist and aligning business continuity with security management enables an organization to build resiliency that protects the interests of its clients and its infrastructure.
