HealthcareIT News
By Bernie Monegain | July 05, 2017
Average cost per lost or stolen record is less for organizations employing BCM, group finds.
The Ponemon Institute surveyed 1,900 individuals from 419 companies in 16 countries. Of the 419 companies, 226 self-reported they have BCM involvement in resolving the consequences of a data breach. Of these companies, 95 percent rate their involvement as very significant.
The study revealed that companies who employ a BCM program that incorporates disaster recovery automation and orchestration saw a 39.5 percent reduction in average cost per day of a data breach, compared to companies with no BCM or disaster recovery. It means a net difference of $1,655 per day.
[Also: Cost of data breaches climbs to $4 million as healthcare incidents are most expensive, Ponemon finds]
BCM reduces the total average time to identify and contain a data breach incident by 78 days, according to the Pomenon study. The result: Average savings of $394,922 over that response time period. The average total cost of data breach with BCM involvement was $3.35 million, compared to the $3.94 million cost for organizations operating without BCM programs.
The study also found 95 percent of companies surveyed indicated that uniting their BCM and IT security functions – BCM/cybersecurity cooperation, crisis management expertise across departments, joint cyber-simulation testing – had a significant impact on mitigating the effects of a data breach.
The average cost per lost or stolen record can be as high as $152, the group also found. With BCM involvement the average cost can be as low as $130.
The survey found 76 percent of companies without BCM involvement had a material disruption to business operations. This decreases to 55 percent for companies involving BCM in advance of the data breach.
And lastly, 52 percent of companies surveyed with BCM involvement said their reputation or brand had been negatively impacted because of a data breach. However, 62 percent of companies without BCM involvement said their organization’s brand and reputation was negatively affected.