
How to calculate the cost of data breaches

The cost of data breaches in the US is on the rise. Wendi Whitmore, of IBM's X-Force Incident Response & Intelligence Services, explains how to reduce the cost of cyber-attacks.

While the global average total cost of data breaches for companies fell 10% this year, US companies saw a 5% increase in cybersecurity-related expenses.

Wendi Whitmore, team leader for IBM Security X-Force Incident Response & Intelligence Services, met with TechRepublic's Dan Patterson to discuss the causes of these costs and how companies can save.


This year, Europe saw a 26% decrease in the average cost of breaches. One of the major differences between the US and Europe when it comes to costs is notification. Europe prioritizes notifying regulators, while the US prioritizes notifying impacted clients.

The majority of money spent by US-based companies after a data breach goes to notifying affected consumers. Costs begin to add up for US companies since each state has different regulations and laws.


Among all industries, healthcare and financial services continue to spend the most on damage control after data breaches.

What's unique about the healthcare industry is not only the amount of attack surface they have open but how rich their data is as well, Whitmore said. This particular industry attracts attackers because victims can't easily change their information. While people can change their credit cards, they can't change their medical history, or that they have high blood pressure.

However, employees need to be trained ahead of time as well.

Whitmore said the biggest impact is user-awareness. Employers need to educate their employees about the need to be aware of suspicious emails. Users should be able to recognize potential threats in an email, like invalid addresses and files containing malware.

The number one factor for reducing costs has stayed consistent for years: access to an incident response team, either internal or external.

"The faster that you're able to detect an attack, and the faster you're able to investigate and contain an attack, the much reduced cost you're going to have," she said.

The IBM data breach calculator can be found here.



About Leah Brown

Leah Brown is the Associate Social Media Editor for TechRepublic. She manages and develops social strategies for TechRepublic and Tech Pro Research.
