Why a decline for data breach costs is still not good enough

Why a decline for data breach costs is still not good enough

According to a recent study by international security research company, the Ponemon Institute, the average total cost of a data breach has declined by 10% globally. While it is encouraging to learn that global costs of data breaches have decreased, the fact remains that hugely disruptive data breaches are still happening alarmingly frequently all over the world.

Don’t care was made to care

In the past year, cyber-attacks have crippled well-known education institutions, leading tech companies and even the NHS. Business leaders everywhere should have been sitting up and paying close attention as these dramas unfold, thinking ‘if it can happen to them, it could happen to us’.

In the US, the average organisational cost per breach is estimated to be $7.35 million. It’s a hefty price to pay and can be a completely avoidable one. For those businesses taking risks or not learning valuable lessons from current breaches in the news, it could only be a matter of time until it happens to them.

Taking the risks seriously and implementing preventative measures in the first place is key to avoiding an ‘I told you so’ situation.

Giving business leaders visibility

Whether it’s password sharing or staff logging on from home devices, many companies will have employees who are guilty of poor IT practices which could cause a data breach. Giving business leaders the ability to physically see these cybersecurity risks taking place within their company, so they get a real-time view of the danger, is a great place to start.

visibility and risk for user logons

USER ACCOUNTS AT RISK: Bob has logged on simultaneously from two different locations. Charlie’s login is from an existing session with different credentials. (From UserLock’s real-time monitoring)

A future-proofing investment

In order to drive down data breach costs even more, and perhaps eradicate them altogether, IT teams need to encourage business leaders to see IT security measures as more than just an ‘as and when’ requirement. Such software should be considered a future-proofing investment, just like the company’s insurance. Once a data breach has already taken place, it’s too late and the measures needed to resolve the issue will inevitably be complex, disruptive and costly.

Other than preventing breaches, effective security software has other benefits. It can also help the company remain competitive, close business deals and build trust with customers, partners and the supply chain.

Read more on why management should care more about IT security and particularly the insider threat.

How context-aware logon security can help

One way to avoid breaches is through context-aware logon security, such as UserLock, which determines whether to grant or deny access to a user based on information other than a password.

Security systems like this can use granular details such as where and when the login attempt is taking place or the device the person is using. For example, if Bob in accounts never usually logs in on a Saturday, but has recently started accessing and changing files from a home computer at the weekend, the system will automatically flag this unusual and suspicious behaviour, meaning the IT team can investigate.

Resolving such issues in real time makes the business more prepared and less likely to suffer a breach, meaning the chance of having to pay to resolve one is also greatly reduced.

Share this post :


Chris Bunn is the Directeur Général Adjoint of IS Decisions, a global cybersecurity software company, specializing in access management and multi-factor authentication for Microsoft Active Directory environments and the cloud.