In Making Business Sense of Technology Risk, I refer to studies conducted by the Ponemon Institute and sponsored by IBM Security.
Their latest Cost of a Data Breach Report again has some useful information.
You may be surprised to hear that the average cost of a data breach is just $3.9 million. That sounds far different than indicated by the alarm bells screaming at you from all sides. Healthcare costs are typically much higher than average. They are where the ‘megabreaches’ have typically occurred, although large companies in financial services and retail have also suffered huge public disasters.
Does it make sense to invest tens of millions of dollars or more when the average cost is relatively low?
That’s one of the issues tackled in the book. For a start, while the cost may appear low, the disruption to the business and its impact on customers and partners may be much more significant. A small out-of-pocket cost may hide the fact that significant enterprise objectives will now be much harder to achieve.
Another challenge is that resources to invest are limited. How does the leadership of an organization decide whether to invest in cyber, a new marketing campaign, an upgraded product offering, or to reduce supply chain risk?
Another factoid in the report is that despite advances in detection, the…
