Security breaches continue to climb in frequency and cost, encompassing all industries and raising important personal data privacy concerns.
The growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach contributes to the high cost and lost business that follows. For business continuity, lost business has potentially the most severe financial consequences and has steadily increased over the past three years.
As the financial impact of a data breach rises, what some leaders once viewed as a pure technology issue is today seen as a larger business risk.
How Can Organizations Reduce the Risk and Costs of Data Breaches?
One answer takes a point of view that security professionals may not have considered in the past: aligning security and business continuity for incident response.
Too often, business continuity and disaster recovery stand outside the security function within an organization, with minimal touch points between the teams to ensure the most effective security management for the company. In today’s threat landscape, that needs to change.
Organizations that involve their business continuity management personnel in the data breach incident response process experience lower costs and faster recovery times.
Weather the Digital Storm of Attacks
Chief information security officers (CISOs) should take advantage of the expertise of and synergy between teams that address both security threats and continuity threats. Business continuity has always aimed to mitigate the impact of business disruptions, including the loss of IT. Security can harness this capability to bolster response planning.
Threats to IT continuity and resilience, whether naturally occurring (as in a flood or hurricane) or intentionally created (as in a distributed denial-of-service attack), disrupt the organization’s ability to function. Secure, continuous availability is a common objective for both security and continuity professionals regardless of the business disruption’s root cause.
Professionals on both sides can no longer afford to remain casual in their efforts to involve business continuity and disaster recovery planning in the security response. CISOs need to aggressively leverage these teams in their arsenal of weapons to weather the digital storm of attacks. The Business Continuity Institute also noted that business continuity management plays an important role in reducing the total cost of a data breach.
Business Continuity and the Cost of a Data Breach
According to the “2015 Cost of Data Breach Study: Global Analysis,” conducted by the Ponemon Institute, having business continuity management (BCM) involved in the remediation of the breach reduced the cost by an average of $7.10 per compromised record.
The study also showed that both time to identify and time to contain the data breach incident are substantially lower for organizations that involved BCM. Companies using BCM decreased the mean time to identify (MTTI) a data breach by 27 percent. Moreover, by leveraging BCM, an organization can decrease the mean time to contain (MTTC) the data breach by 41 percent.
In addition to cost and recovery time advantages, the analysis found organizations involving their BCM personnel in the data breach incident response process were 6.8 percent less likely to experience a material data breach involving 10,000 or more compromised records over a one-year period.
Aligning business continuity with security includes involvement in planning, budgeting, testing and event response. By doing this, companies can ensure collaboration through proactive teaming across organizations and establish cross-representation.
More importantly, by integrating BCM, security can take advantage of business continuity intelligence on what is most critical, harness strategies already in place for loss of IT and utilize existing BCM communication and crisis management processes for coordination of response for cyber events.
Learning More About BCM and Data Breaches
A separate report, “2015 Cost of Data Breach Study: Impact of Business Continuity Management,” will be released in mid-June. It focuses on the impact business continuity management has on the financial and reputational consequences of a data breach.
The way to capitalize on this opportunity is to incorporate business continuity into the security response structure. This is done through an operational framework that integrates all components of the skills and expertise provided by the involved professionals on both sides of the aisle.
Expanding the scope of security response planning to break down the silos that often exist and aligning business continuity with security management enables an organization to build resiliency that protects the interests of its clients and its infrastructure.