A Data Breach Can Cost a CIO More Than Just Data


By Larry Loeb

A CIO can easily become inured to the constant litany of reported data breaches. These things have happened so many times to so many enterprises.

The cost of a data breach isn’t always clear or top of mind when it happens. Yes, the breach happened, and yes, there will be a cost. But where does the cost really lie? What happens to an enterprise after a breach? The Ponemon Institute took a close look at just these questions and came up with some disturbing observations.

Alligators in the Swamp

First, Ponemon characterizes a data breach as just another cost of doing business today. It is a constantly occurring event. It may be the new norm, like alligators in the swamp.

There will always be a direct cost associated with a breach. Circuit breakers have to be reset and the data needs to be salvaged — and hopefully it can. That extra effort will eventually show up in a line item somewhere.

The Real Cost of a Data Breach

But the real cost of a breach isn’t obvious at first glance. The Institute found that the lost business accruing from the data breach is a secondary, non-direct cost that will add to the true cost of a breach. As they put it, “Following a breach, enterprises need to take steps to retain customers’ trust to reduce the long-term financial impact.”

Once breached, an enterprise may want to think about business continuity management to help in this kind of effort. These solutions, however, are bandages more than they are cures. BCM needs to be pre-positioned to be effective.

Don’t Be an Easy Target

Don’t worry: Preventative action can be taken. “Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches,” the Institute said. “This year’s study revealed a reduction in cost when companies participated in threat-sharing activities and deployed data loss prevention technologies.”

Those endpoint security solutions cannot be ignored. Sharing your vulns is fine, but preventing them is better.

What exactly those “data loss prevention technologies” should be is for trusted technical partners to determine, and it depends on the case. Nonetheless, this is more than putting a firewall on a network, by far. This is about learning where leaks can occur and making sure they don’t.

Protecting data is no longer just locking the silo in which it is contained; your efforts must take a wider view. Attacks can come from many directions, and having a partner with which you discuss the possibilities will only reduce the ways your data can be exposed — and the recoding costs involved if you lose it. This ultimately makes your security positioning harder for an attacker to defeat. When you’re harder to attack, the price due to data loss can be minimized.

Breachers like the easy targets; there are so many of them. Toughen up instead.
