7/7/2017
01:17 PM
Dark Reading
Products and Releases

IBM, Ponemon: Business Continuity Management Helps Save Time and Cost Post-Breach

Cloud resiliency orchestration is transforming business continuity to help companies achieve consistent business objectives.

ARMONK, NY – June 29, 2017: IBM today announced the results of an IBM-sponsored global study examining the impact of business continuity management (BCM) on the cost of a data breach. The study found that companies using BCM and disaster recovery services reduce the total average time to identify and contain a data breach incident by 78 days, resulting in a total average savings over that response time period of $394,922. The average total cost of a data breach with BCM involvement was $3.35 million, significantly less than the $3.94 million cost for companies operating without BCM programs.

BCM is recognized as a valuable addition to data breach incident response planning, according to the study, which was conducted by the Ponemon Institute and surveyed 1,900 individuals from 419 companies in 16 countries. Of the 419 companies, 226 companies self-reported they have BCM involvement in resolving the consequences of a data breach. Of these companies, 95 percent rate their involvement as very significant (65 percent) or significant (30 percent).

“Executing business continuity management strategies to respond to data breach incidents is increasingly a top business priority for companies worldwide,” says Laurence Guihard-Joly, General Manager of IBM Global Resiliency Services. “Automating and orchestrating these disaster recovery and business continuity plans will help to not just protect sensitive data, but also ultimately boost productivity, strengthen competitiveness in the marketplace, and deliver greater return on investment in the long term.”

Resiliency Orchestration Makes the Difference

Cloud-based resiliency orchestration and disaster recovery automation are driving efforts to transform business continuity programs in the age of automation and cognitive computing. The study shows that companies using a BCM program that incorporates disaster recovery automation and orchestration saw a 39.5 percent reduction in average cost per day of a data breach, compared to companies with no BCM or disaster recovery. This represents a net difference of $1,655 per day.

Resiliency orchestration – a cloud-based approach that uses disaster recovery automation and a suite of continuity-management tools designed specifically for hybrid-IT environments – shifts the burden of complexity and testing from IT professionals to intelligent workflows that automate the entire process and offer greater visibility, from incident identification, to analysis, to solutions. Introducing these technologies can reduce the time IT professionals spend monitoring critical applications and analyzing issues, giving them more time to innovate and develop new applications for the future.

“Business continuity management continues to play an important role in determining the impact of data breaches that put organizations at risk worldwide,” says Dr. Larry Ponemon. “As companies create, develop, and execute their business resiliency strategies going forward, they must consider all possible options to mitigate the effects of a data breach and keep IT infrastructures secure and available for themselves and their clients.”

Additional Key Findings

· 95 percent of companies surveyed indicated that uniting their BCM and IT security functions (BCM/cybersecurity cooperation, crisis management expertise across departments, joint cyber-simulation testing) had a significant impact on mitigating the effects of a data breach.
· The average cost per lost or stolen record can be as high as $152. With BCM involvement the average cost can be as low as $130.
· 76 percent of companies surveyed without BCM involvement had a material disruption to business operations. This decreases to 55 percent for companies involving BCM in advance of the data breach.
· 52 percent of companies surveyed with BCM involvement said their reputation or brand had been negatively impacted because of a data breach. However, 62 percent of companies without BCM involvement said their organization’s brand and reputation were negatively affected.


To view the full study results and learn more, visit https://ibm.co/1JYQqlO.
