By Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute
We are pleased to announce the release of the 2016 Cost of Data Breach Study: The Impact of Business Continuity Management (BCM), in partnership with IBM. This year we studied how organizations are using BCM in 12 different countries, 383 companies across 16 industries.
According to the research, BCM programs can reduce the per capita cost of data breach, the mean time to identify and contain a data breach and the likelihood of experiencing such an incident over the next two years.
The BCM research is part of the 2016 Cost of Data Breach Study: Global Analysis, which finds that BCM involvement in data breach incident response planning and execution is very significant. Of the 383 companies in this global study, 199 companies self-reported they have BCM involvement in resolving the consequences of a data breach. The majority of these companies (65 percent) rate their involvement as very significant.
Moreover, the cost of data breach is more expensive if BCM is not part of the data breach incident response planning and execution. The average cost per lost or stolen record can be as high as $167. With BCM involvement the average cost can be as low as $149. Similarly, the total cost of data breach with or without BCM involvement is $3.71 million and $4.29 million, respectively.
In this year’s study, we wanted to uncover the practices of BCM that have the most significant impact in a data breach. In interviews with individuals knowledgeable about the experiences their companies have had with both data breaches and BCM, the following best practices emerged and demonstrate why such a program is critical to have before disaster strikes.
- Creates an orientation to rigorous planning and testing
- Enables an upstream and downstream communication channel under times of crisis
- Establishes a structure that reduces complexity of the incident response process
- Raises organizational acumen and awareness about crisis events as a result of compliance with BCM policies, plans and standard
- Provides leadership and expertise that support proactive management of significant risk
- Advances a culture that embraces proactive monitoring and vigilance
Please take a moment to download and review the report.