The dreaded data breach is an outcome feared by companies of all sizes in today’s threat landscape, largely due to the significant costs involved. Each year, IBM’s eagerly anticipated Cost of a Data Breach Report seems to come with the bad news of an increase in data breach costs, and 2023 is no exception.
Threat actors continue their relentless pursuit of data as the most valuable company resource to compromise in cyberattacks.
The average cost of a data breach now stands at an all-time high of $4.45 million. While this overall figure receives much of the publicity in media reports, there’s less emphasis on how increasingly costly incident investigations drive much of this year-on-year increase.
Read on to dive deeper into why data breach investigations are so expensive and find out what your business can do to reduce these costs.
Data Breach Investigation Costs
Investigating a data breach involves a resource-intensive combination of technical, administrative, legal, and communication activities, which together prove rather pricey for companies. The 2022 IBM report marked the point at which incident investigations (referred to in the report as ‘detection and escalation’) took over as the costliest category of data breach expenses.
That trend continues in the 2023 report, which shows that detection and escalation cost an average of $1.58 million per breach, or over 35 percent of the total average cost.
But why are data breach investigation costs on the rise? Here are some factors driving the increased expenses:
- Complex IT Environments: Many companies operate in hybrid environments with data distributed across on-premises servers, multiple cloud providers, and even edge devices for an increased cyberattack surface. Apps run within containers and microservices architectures, which increases the complexity of tracking data flow and interactions. This complexity makes it harder to track sensitive data, monitor its use, and notice anomalies.
- Advanced Persistent Threats (APTs): Adversaries use increasingly sophisticated techniques and evasive malware to remain undetected for longer periods in IT environments, which drives up the time and costs of eventual detection and response.
- Volume of Data: The sheer amount of data generated and stored by companies continues to surge in a data-driven economy. Sifting through this massive data to detect anomalies or breaches requires both tools and expertise.
- Breach Escalation Shortfalls: While CISOs understand the importance of incident response plans, those plans are often ineffective when it comes to escalating data breaches internally. A scattergun approach can see key personnel pulled from their regular duties for lengthy periods, which can disrupt normal business operations. Writing thorough documentation can be labor-intensive, as can keeping leadership, board members, and shareholders informed while addressing their concerns. Organizational silos compound the problem by constraining the ability to coordinate across different departments when a breach is detected.
How to Reduce the Cost of Investigating Data Breaches
Reducing the cost of data breach investigations requires a mix of proactive and reactive measures to ensure not only that you’re ready when a breach occurs but also that you’re taking steps to prevent them in the first place.
Here are some suggestions for preventing data breaches in the first place:
Robust Information Governance
Information governance defines and enforces policies, procedures, standards, and controls around the management of data. The objective is to make sure that your company and its people handle data efficiently, securely, and in compliance with legal and regulatory obligations.
Robust information governance is pivotal for answering questions like what data you have, where it’s stored, and who has access to it. Policy-based controls and tools can help maintain an inventory of your information assets and delete unneeded data on time.
Uniform procedures mean that users are more likely to consistently handle and store data, regardless of their business department/unit. All of this helps to uncover gaps in protection for your data assets and reduce breach risks due to lax practices.
Ongoing Security Training and Awareness
Regularly educate employees about the importance of security and how to recognize phishing attempts and other threats. Employees should understand their responsibilities in handling data securely and know how to avoid risky practices, such as visiting untrusted websites. A security-conscious workforce goes a long way towards reducing risks from the significant human factor in data breaches.
Treat security training and awareness as ongoing throughout the year rather than an annual or quarterly internal box to tick. Regular reminders dotted around the office, a range of different media to spread awareness, and some fun exercises can all help reinforce what’s important to learn (and remember).
Continuous Vulnerability Management
Continuous vulnerability management (CVM) takes a more proactive approach to identifying, assessing, and addressing vulnerabilities in an organization’s IT environment. Vulnerability management is often too reactive, which leaves gaping holes that threat actors can find and exploit to access data. One study from 2020 found that 84 percent of companies had high-risk vulnerabilities that were accessible and exploitable at their network perimeter.
The CVM approach is to routinely scan your IT infrastructure for known vulnerabilities. Early detection allows your business to patch or mitigate vulnerabilities before hackers exploit them in their pursuit of data. With CVM, you’re more likely to apply software updates and patches and avoid data breaches that stem from outdated, vulnerable code.
Simulated Cyberattacks
Simulated cyberattacks involve security professionals attempting to breach your defenses in a scenario that mirrors a real-world cyberattack. Simulated attacks help pinpoint weaknesses in infrastructure, applications, and other systems that you didn’t even know about. Discovering these gaps proactively enables you to address them before they’re exploited ‘in the wild’ by data-hungry adversaries.
Another benefit of addressing weaknesses found during simulated attacks is that it’s typically less expensive than managing the fallout from a real data breach. Proactive testing can save significant costs in the long run from direct remediation expenses to reputational damages and potential fines.
Using Cyber Threat Intelligence to Respond to Breaches Faster
Effective forensic and investigative activities drive faster detection and response to data breaches. Delays in identifying and containing breaches lead to higher investigation costs. It takes companies 204 days on average to identify a breach and 73 days to contain each breach in 2023, as reported by IBM.
Actionable and reliable cyber threat intelligence (CTI) plays an instrumental role in informing forensic and investigative activities. As a result, good CTI helps you respond to breaches faster and more cost-effectively. CTI involves gathering, analyzing, and disseminating information about current and potential cyber threats and attack methods.
The difficulty with gathering good cyber threat intelligence is that it’s time-consuming, which is not ideal given that your in-house security staff deal with many other problems and priorities each day. Chronic labor market shortages don’t help; CTI requires experts who know what intel sources are good, and how to analyze data to distinguish between useful and useless information.
Despite its power in reducing data breach costs and keeping your fingers on the pulse of a rapidly evolving threat landscape, 79 percent of security professionals say they make decisions without any threat intelligence.
Get Modular CTI with Threat Compass
To overcome this dearth of intelligence-backed decisions when trying to swiftly detect and respond to data breaches, consider leveraging Cyber Threat Intelligence with Outpost 24’s Threat Compass. Our solution is modular, which means you get to select only the types of intelligence that you feel are most pertinent for your business, sector, and areas of cyber risk.
Our in-house team of analysts use 13+ years of historical threat data along with continuously trawling the open, deep, and dark web to discover customer-specific threat information. Available modules include CTI on data leakage, credit cards, and threat context. We’ll deliver the kind of information you need to reduce your company’s data breach investigation costs.
Learn more about Threat Compass CTI here.
Sponsored and written by Outpost24