Enterprise data breaches have proven to be costly. New research from Kaspersky has found that the cost of these breaches has risen to $1.41 million annually, up from $1.23 million in the previous year. An estimated 4,000 data breaches have already occurred during the first half of 2019, affecting over four billion users’ data. Consequently, enterprise organizations invested more in cybersecurity in 2019, with IT security budgets averaging $18.9 million compared to $8.9 million the previous year. Although the cost of each data breach has increased from year to year, Kaspersky’s survey, “IT security economics in 2019: how businesses are losing money and saving costs amid cyberattacks,” found that enterprises in 2019 have found ways to reduce these costs.
First, companies that have an internal Security Operations Center (“SOC”) limited their estimated cyberattack financial damage at $675,000, less than half the average impact of breaches in 2018. Internal SOC’s are typically responsible for the ongoing monitoring of security events and responding to incidents. Establishing an internal SOC, however, is no easy task. It includes recruiting analysts, building processes, and purchasing the necessary tools.
Second, the costs of a data breach can be reduced by creating a Data Protection Officer (“DPO”) position—34% of all companies that had a dedicated DPO reported no monetary loss. A DPO is typically charged with building and implementing a data protection strategy for an enterprise and managing compliance issues.
The report also indicated that outsourcing security measures to a Managed Service Provider (“MSP”) did not reduce financial loss resulting from data breaches. Rather, the survey showed that outsourcing may actually increase the financial impact of a data breach. In fact, the survey indicated that 23% of companies that outsourced their data security reported a financial impact between $100,000 and $249,000, while only 19% of businesses with an internal SOC team reported the same level of loss.
In sum, although these initiatives may seem difficult to justify at first, due to their potential strain on time and budgets, the numbers show that both initiatives are worthwhile investments as it will ensure that an enterprise is prepared for a data breach, allowing for a quick and efficient recovery.