Preparation lowers long-term post-breach costs

Preparation can significantly lower the long-term costs of a breach

Preparation can significantly lower the long-term costs of a breach, according to a SANS report released this morning.

Companies that had plans in place, that spent time identifying and classifying data, and that used in-house teams were able to lower their long term expenses -- as did companies that successfully stayed out of the news.

The majority of companies affected by a breach also invested in new security tools and services, as well as administrative and physical controls, training, and staffing.

Once a breach has been identified and mitigated, residual financial and brand impact lasted anywhere from a month to three years, according to the report.

During post-breach period, companies have to deal with the legal fall-out of the breach, spend money on additional controls, work with customers to repair damages, and try to restore the company's reputation and brand value.

For example, one company studied, an international retail firm, is still dealing with the effects of a breach that took place in 2010. The company had to redesign its call center operations and reduce staff, and this continues to affect call center metrics such as time on hold.

Companies can take several pro-active steps to reduce the long-term costs of a data breach, said senior SANS analyst Barbara Filkins.

These include conducting a thorough risk assessment and purchasing cyber insurance.

More specifically, she recommended identifying processes that handle sensitive data, locating where that data is stored, creating an access control system, identifying which data will be the costliest if breached and which data attackers are most likely to target, and using scenario-based analysis to create response plans.

Investing in technology or systems that shortens detection time will also have an impact, she said.

"It will help you shorten both the loss you're going to suffer and the duration of that loss," she said.

On the non-technical side, media attention also had an effect on the long-term cost of a breach.

"For the most part, when an organization is breached, the media is extremely helpful for the victims," said Todd Feinman, CEO at Identity Finder, which sponsored the report.

However, the media isn't necessarily helpful for the affected organization, and may publicize information that a company is not required legally to report that may still do damage to its reputation.

Overall, recovery costs are correlated with the size of the breach, said Filkins. But larger companies do tend to spend more, both because they typically have more data to lose, and because they are a higher-profile target for hackers.

However, there are several other factors that affect the long-term impact of a breach.

The root cause of a breach was a factor, since breaches caused by hacking, malware and unauthorized access tend to go unnoticed for a longer period of time -- and result in greater damage.

The type of data stolen also had an impact, since a wider variety of data means that organizations must comply with more sets of regulations.

In addition, health data was correlated with higher costs, since personal health information has a longer shelf life than, say, credit card numbers.

Join the CSO newsletter!

Error: Please check your email address.

More about CSO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Maria Korolov

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place