Business Continuity Management (BCM) has measurable results for companies when it comes to lowering the costs of data breaches. This is highlighted in a recent study by the Ponemon Institute, sponsored by IBM. The report shows how BCM plays a critical role in mitigating the financial and reputational risks associated with a data breach. According to the study, companies that employ BCM save an average of $400,000 in costs over the time it takes to identify and contain a breach.
Having business continuity management in place is crucial for keeping your business afloat no matter the disaster. We’ve spoken before about how IT outages can cause big losses for companies. The recent stats published by the Ponemon Institute show how pivotal business continuity management is to lowering the costs of data breaches.
BCM: Bullet-proof Protection for Businesses
Here are just a few of the benefits identified in the Ponemon Institute report:
- A BCM strategy can help to reduce the total cost of a data breach by as much as 16 percent
- BCM reduces the total average time to identify and contain a data breach incident by 78 days
- A company saves, on average, $394,000, over that response time period
- The per-day cost of a data breach was on average almost 40% lower for companies using some form of BCM
- BCM decreases the likelihood of a recurring data breach by 28% over the next two years.
And if you’re not already sold on the benefits of BCM, let’s take a look at what happens when you go without it.
We already know, from numerous other studies (and for some unfortunate pundits, from experience), that data breaches cost organizations a pretty penny. If you factor in the costs of fines in case of compliance violations, it becomes a sysadmin’s worst nightmare.
Just recently, the United States’ largest for-profit health care company, Anthem, had to settle in court for the record amount of $115 million. The company faced a series of lawsuits after a 2015 incident compromised the data of 79 million individuals. Part of this money will go towards two years of credit monitoring for the breach’s victims. Some of it will go towards information security and updating the company’s data security systems.
Anthem denies any wrongdoing or that the attack caused anyone harm. However, it’s easy to see how this kind of event can spell disaster for a company, if it does not comply with industry regulations for data encryption and strict access control.
Business Continuity Management – or Lack Thereof
The Ponemon Institute’s 2017 Cost of a Data Breach Study consisted of a survey of 1,900 individuals from 419 companies in 16 countries. Of the 419 companies, 226 self-reported they have BCM involvement in resolving the consequences of a data breach. That’s a full 46% that mentioned they do not have BCM involvement for data breaches. A staggering number, considering the consequences reported of not having BCM in place.
- Among those who reported NOT using BCM, 76 percent of companies had a material disruption to business operations. Meanwhile, only 55 percent of companies using BCM had material disruption to business.
- Over half (62 percent) of companies without BCM involvement said their brand and reputation were negatively affected by a data breach. This percentage went down 10% among companies using business continuity management.
- Finally, the average total cost of a data breach was $3.94 million for organizations operating without BCM programs. Companies using BCM programs reported an average total cost of $3.35 million, or 14% lower.
On a side note, the Cost of Data Breach Report showed the global average cost of a data breach is down 10 percent over previous years. However, while the cost is getting lower, the average size of a data breach increased 1.8% to over 24,000 records. That is not surprising, given the ingenuity of malware and ransomware creators lately, which has numerous respectable organizations around the world feeling the heat over security.
Business Continuity Management Implementations
Business Continuity Management, as defined by ISO 22301:2012, is the process that identifies potential threats to an organization and the impacts to business operations they may cause. This holistic process provides a framework for building organizational resilience. It allows the organization to have an effective response and safeguard its interests.
Implementing BCM in your organization’s arsenal of defenses takes a lot of planning and expert staff. It involves disaster recovery, business recovery, crisis management, incident management, emergency management and contingency planning. The best way to incorporate it into the business strategy is to enlist the help of experienced managed service providers. They will have the specialized, hands-on staff to implement such programs.
Moreover, they will be able to monitor and review the system’s performance, as well as continually improve it. As usual, the StorageCraft team urges you to stay safe and make sure your data protection plan is up to date.