Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/26/2016
09:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Post-Breach Costs And Impact Can Last Years

SANS study examines long-term effects of breach events.

The costs and implications of data breaches go far beyond the initial incident response and customer notification costs. In a new survey out by the SANS institute, only about one third of organizations are able to remediate breaches within a week of detection and the greatest financial impact from breaches extended months and even years beyond the event for the majority of organizations.

Conducted on behalf of Identity Finder, the SANS study took an in-depth dive into the post-breach ramifications of nearly 60 organizations. Coming from a fairly distributed range of organization sizes and industries, the study shows that even after remediation, over 60% of organizations still felt the impact from breaches. Meanwhile, the greatest financial impacts were felt long after the exposure occurred. Over 40% of organizations said they felt the biggest monetary pinch one- to 12 months after the fact.

These financial shocks often come from unexpected sources. For example, some organizations may recognize that there will need to be additional resources necessary to conduct forensics investigations during breaches, but don't realize they'll have to make unplanned purchases following an incident. Approximately 57% of respondents reported having to acquire additional tools for forensics or data recovery as a result of a breach.

Additionally, breaches frequently uncover root causes that require additional controls to prevent them from happening again and to keep the regulators at bay once an event brings their focus onto an organization. Nearly three-quarters of organizations needed to divert resources to bolster the development of administrative policies, and approximately 65% had to spend extra money on training and awareness programs following a breach. Additionally, 65% of organizations had to purchase technical tools outside the normal IT budget cycle, and over 60% needed to pick up physical controls in the wake of a breach. What's more, around a third of organizations realized they needed to add or change managed services to account for increased security after a breach.

"One could argue that these controls were needed anyway and that they should not be included in an accounting of post-breach costs. After all, having proactive security policies and procedures in place is always the best defense against a breach," wrote the report's author, Barbara Filkins. However, the fact that these purchases and resource allocations were sudden and unplanned invariably means they threw off the balance of budgeting and caused disruption in the flow of IT operations -- versus taking a pre-emptive and measured approach to increasing controls.

As things stand, fewer than half of organizations carry cyber insurance for breach events, and only about a third of organizations had enough coverage to completely cover post-breach costs, according to the report.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
andrew_hay
100%
0%
andrew_hay,
User Rank: Author
1/26/2016 | 10:56:30 PM
Too small a sample size

"The survey sample began with 10 telephone interviews, which were followed by a 30-question survey taken by 59 participants involved in quantifying losses and responding to breaches of sensitive information. Of those, 26 experienced true breaches and finished the survey questions."

So the n value is 26? That is far too small a sample to draw any conclusions from. For example:

"Well over half of the survey respondents (64%) reported that the breach they described did not receive media attention."

The percentage sounds significant but it's really only 16 or 17 people.

<<   <   Page 2 / 2
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16680
PUBLISHED: 2019-09-21
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVE-2019-16681
PUBLISHED: 2019-09-21
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
CVE-2019-16677
PUBLISHED: 2019-09-21
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&amp;do=del allows CSRF.
CVE-2019-16678
PUBLISHED: 2019-09-21
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2019-16679
PUBLISHED: 2019-09-21
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.