IBM, Ponemon: Business Continuity Management Helps Save Time and Cost Post-Breach

Cloud resiliency orchestration is transforming business continuity to help companies achieve consistent business objectives.

July 8, 2017

3 Min Read


ARMONK, NY – June 29, 2017: IBM today announced the results of an IBM sponsored global study examining the impact of business continuity management (BCM) on the cost of a data breach, which revealed that companies using BCM and disaster recovery services reduces the total average time to identify and contain a data breach incident by 78 days, resulting in a total average savings over that response time period of $394,922. The average total cost of data breach with BCM involvement was $3.35 million, significantly less than the $3.94 million cost for companies operating without BCM programs.

BCM is recognized as a valuable addition to data breach incident response planning, according to the study, which was conducted by the Ponemon Institute and surveyed 1,900 individuals from 419 companies in 16 countries. Of the 419 companies, 226 companies self-reported they have BCM involvement in resolving the consequences of a data breach. Of these companies, 95 percent rate their involvement as very significant (65 percent) or significant (30 percent).

“Executing business continuity management strategies to respond to data breach incidents is increasingly a top business priority for companies worldwide,” says Laurence Guihard-Joly, General Manager of IBM Global Resiliency Services. “Automating and orchestrating these disaster recovery and business continuity plans will help to not just protect sensitive data, but also ultimately boost productivity, strengthen competitiveness in the marketplace, and deliver greater return on investment in the long term.”

Resiliency Orchestration Makes the Difference

Cloud-based resiliency orchestration and disaster recovery automation are driving efforts to transform business continuity programs in the age of automation and cognitive computing. The study shows that companies who utilize a BCM program that incorporates disaster recovery automation and orchestration saw a 39.5 percent reduction in average cost per day of a data breach, compared to companies with no BCM or disaster recovery. This represents a net difference of $1,655 per day.

Resiliency orchestration – a cloud-based approach that uses disaster recovery automation and a suite of continuity-management tools designed specifically for hybrid-IT environments – shifts the burden of complexity and testing from IT professionals to intelligent workflows that automate the entire process and offer greater visibility, from incident identification, to analysis, to solutions. Introducing these technologies can reduce the time IT professionals spend monitoring critical applications and analyzing issues, giving them more time so they can innovate and develop new applications for the future.

“Business continuity management continues to play an important role in determining the impact of data breaches that put organizations at risk worldwide,” says Dr. Larry Ponemon. “As companies create, develop, and execute their business resiliency strategies going forward, they must consider all possible options to mitigate the effects of a data breach and keep IT infrastructures secure and available for themselves and their clients.”

Additional Key Findings

· 95 percent of companies surveyed indicated that uniting their BCM and IT security functions (BCM/cybersecurity cooperation, crisis management expertise across departments, joint cyber-simulation testing) had a significant impact on mitigating the effects of a data breach.
· The average cost per lost or stolen record can be as high as $152. With BCM involvement the average cost can be as low as $130.
· 76 percent of companies surveyed without BCM involvement had a material disruption to business operations. This decreases to 55 percent for companies involving BCM in advance of the data breach.
· 52 percent of companies surveyed with BCM involvement said their reputation or brand had been negatively impacted because of a data breach. However, 62 percent of companies without BCM involvement said their organization’s brand and reputation was negatively affected.

To view the full study results and learn more, visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights