IBM Services has released the results of a global Ponemon Institute study exploring the impact that business continuity management can have on the cost and frequency of data breaches; it shows 10 ways in which BCM provides quantifiable benefits.
The ‘2018 Cost of Data Breach Study: Impact of Business Continuity Management’, survey report sponsored by IBM and conducted by the Ponemon Institute, reinforces the call for new solutions to combat evolving cyber threats around the world. The longer it takes to identify, contain, and recover from a data breach, the more it consumes significant time, money, and resources throughout an organization.
According to the research, BCM programs can reduce the per capita cost of data breach, the mean time to identify (MTTI) and the mean time to contain (MTTC) a data breach and the likelihood of experiencing such an incident over the next two years.
On average, responding companies that prioritize business continuity management saved 44 days in the identification of the incident and 38 days in the containment of the data breach.
According to the study, which included responses from 477 companies in 17 industries in 13 countries, business continuity management provides the following 10 important benefits:
- BCM significantly reduces the time to identify and contain a data breach incident because of a more structured and disciplined approach to responding to adverse events.
- BCM is recognized as a valuable addition to data breach incident response planning. Of the 477 companies in the global, 262 companies self-reported they have BCM involvement in resolving the consequences of a data breach.
- BCM significantly reduces the cost of a data breach. Without BCM involvement, the average cost of a data breach was $157 per record. With BCM involvement the average cost was $139.
- BCM saves costs per day. Companies that involve BCM or the disaster recovery (DR) team in the response to data breach achieve an average per day savings of $5,7035 through containment of the data breach response.
- BCM reduces the likelihood of having recurring data breaches. If BCM is not involved in data breach planning and execution, the likelihood of having a data breach sometime over the next 2 years is 32.3 percent. Whereas, if BCM is involved this likelihood drops to 23.4 percent, a decrease of 32 percent in the likelihood of a breach recurring.
- BCM minimizes disruptions to business operations when a data breach occurs. According to the findings, 78 percent of companies without BCM involvement had a material disruption to business operations. This decreases to 56 percent for companies involving BCM in advance of the data breach.
- BCM improves the resilience of IT operations. 69 percent of companies without BCM involvement said they had a material disruption to their IT operations. In contrast, 58 percent of those with BCM involvement said IT operations were materially disrupted.
- BCM diminishes the negative impact on the company’s reputation following a material data breach. Specifically, 50 percent of companies with BCM involvement said their reputation or brand had been negatively impacted because of a data breach. However, 65 percent of companies without BCM involvement said their organization’s brand and reputation was negatively affected.
- BCM involvement reduces the average per day cost of a data breach. In this year’s study, the average data breach cost per day for companies in the BCM group is $4,881. In contrast, non-BCM companies had a much higher average per day cost of $6,705.
- DR automation and orchestration reduces the per day cost of a data breach. BCM companies that have a manually operated DR process experienced an estimated average cost of $6,546 per day. In contrast, BCM companies deploying an automated DR process that provides resiliency orchestration experienced a much lower average cost per day of $3,100.
To download the 2018 Cost of Data Breach Study: Impact of Business Continuity Management, visit https://ibm.co/2O9kCHS.