Three Ways to Reduce the Cost of a Data Breach


Proven strategies can save hundreds of thousands of dollars

The average cost of a data breach in 2022 is $4.35 million USD, according to the 2022 Cost of a Data Breach report published by IBM Security and Ponemon Institute.[1] That’s an all-time high.

The report also looks at factors that impact the total cost of a data breach, both positively and negatively. The top three factors that reduced the cost of a data breach were:

  1. Artificial intelligence (AI) platforms
  2. DevSecOps approach
  3. Formation of an incident response (IR) team

Combined, the average savings of these factors total $828k, or 19% of the total breach cost. Let’s take a look at what each of these entails and how they can help you prevent or reduce the damage of a data breach.

1. AI Platforms

AI is taking a bigger role in cybersecurity, such as learning to detect previously unknown threats and predicting how and where an organization is most likely to be breached. AI is also used as part of Identity and Access Management (IAM) to evaluate access requests for suspicious behavior.

Automation and AI can reduce the risk of human error (the cause of 21% of data breaches, according to IBM) as well as IT failures, such as bad source code (the cause of another 24% of breaches). The report found that deploying AI and security automation was not only the largest contributor to reducing the cost of a data breach, but it also shaved 74 days off the average time to find and contain a breach (from 323 days down to 249).

Gartner predicts the worldwide revenue for AI will increase by 21.3% in 2022 over 2021, but it also cautions that maturity lags behind interest.[2] While 48% of CIOs have or plan to deploy AI and machine learning, analysts have found organizations are doing more AI experiments than employing it as part of standard operation. However, the data so far is promising, and AI will likely have a growing role in cybersecurity.

2. DevSecOps Approach

In today’s fast-paced software development schedule, security represents a big hurdle. One study found that 27% of respondents admitted their application development and DevOps teams don’t work with their cybersecurity teams for fear it will slow them down.[3] Thus organizations are attempting to help security “shift left” by moving security earlier in the development cycle rather than near or at the end.

In the simple software development lifecycle diagram above, outlining a traditional development or DevOps path, security often doesn’t get involved until the integration and test phase. DevSecOps means involving security much earlier, ideally in the planning phase, to ensure applications aren’t released with vulnerabilities or other flaws.

When the development, operations, and security teams collaborate from the start, there are no security bottlenecks at the end of development. Ultimately, this cooperation builds stronger, more secure applications with a quicker turnaround time, which in turn reduces the risk of a data breach.

3. Formation of an IR team

It’s important to note that an IR team is not the same as the security team. It is a cross-functional team that coordinates during security incidents, also known as a computer security incident response team (CSIRT). The team frequently comprises:

  • Team leader or executive sponsor who handles executive and board communication
  • Incident manager who drives meetings and action items
  • Lead investigator, a technical team member with a cybersecurity background
  • PR to handle external communication about the incident
  • Legal counsel to advise on disclosure of an incident or other legal fallout
  • Human resources representative to manage personnel-related issues, such as a malicious insider

The team should participate in crafting a formal incident response plan, something a UK government survey found that only 19% of companies have.[4] The IR team ideally should meet regularly to recommend updates to the plan as well as conduct tabletop exercises to practice and refine response processes. With 83% of surveyed organizations reporting they’ve been breached more than once,[5] consider investing in one or more of these strategies to reduce your risk and respond more efficiently to security incidents.

  1. IBM, Cost of a Data Breach, July 2022
  2. Gartner, Gartner Forecasts Worldwide Artificial Intelligence Software Market to Reach $62 Billion in 2022, November 2021
  3. Enterprise Strategy Group, Securing Cloud-native Applications, March 2021
  4. UK Department for Digital, Culture, Media & Sport, Cyber Security Breaches Survey 2022, July 2022