Home / Technology / Data Breach Response Plan And Trends: Everything You Should Know About Them
Data Breach Response Plan

Data Breach Response Plan And Trends: Everything You Should Know About Them

Data security is gaining increased importance with each passing day. As data breaches become increasingly common, companies of all sizes and industries face pressure to execute reliable data protection measures and data breach response plans. Last year was no different, as regulators and cyber attackers increased this pressure on all countries’ organizations. Many new trends related to data breaches and their response plans are emerging nowadays in such a situation. Various factors cause these trends, and if you, too, are planning to put your data breach response plan in place, you need to know about these trends. That’s why we’ve decided to put them together in this article. Let’s begin with an explanation of the data breach response plan first.

Understanding A Data Breach Response Plan

As it seems by its name, a data breach response plan is the strategy that you adopt to respond in the situation of a data breach. It’s a set of actions that allow organizations to act swiftly in a coordinated manner as soon as they detect a data breach.

The steps included in this plan may be both technical (i.e. encryption of data, systemwide scanning of anti-malware software, regeneration and buy SSL certificates, etc.); and procedural (the precautions needed to be taken by the employees). This plan’s primary purpose remains to minimize the organization’s financial and reputational damage that the breach can cause.

Factors That Impact Data Breach Response Time

Many factors impact the response time of a company in case of a data breach.

Time Consumed In Detection:

Before you can respond to a data breach, you need to know that your data has been compromised. If you don’t come to know of the violation for a long time, you won’t be able to respond to it until the damage has been done. Therefore, it’s necessary to have robust data breach detection procedures and tools in place.

Lack Of A Clearly Defined Response Plan:

Once the breach has been discovered, the next step is to swing into action. However, the actions required to be taken must be articulated clearly. If your response plan in the situation of a data breach is not predetermined or defined clearly and concisely, you’ll find yourself and your team wondering what to do next. This can give the attacker the crucial time that he needs to increase the damage further.

Outdated Technology:

Often, the time consumed in responding to an attack or data breach is increased because of the organization’s obsolete technology. For instance, many of the first steps involved in a data breach response plan can be automated with the latest security software’s help, which can reduce your response time and increase difficulties for the attacker even before your team comes into action.

But if the tech stack being used by your organization is outdated, it becomes difficult to achieve because such features may or may not be present in your tools.

Privacy Laws:

Finally, law enforcement sometimes affects how quickly companies detect and respond to a data breach. In countries where the law requires companies to report a data breach within 72 hrs, companies are more alarmed about cyberattacks and data breaches. So the law of a country also affects whether or not companies quickly respond to data breach incidents.

With that in mind, now let’s take a look at the average data breach detection and containment times of various industries.

Average Time To Detect And Contain Data Breaches By Industry

The response time of companies involved in various industries varies significantly. According to a 2018 data breach report published by IBM, while companies engaged in the energy industry respond to a data breach in 150 days on average, companies involved in entertainment take up to 287 days. Here’s a summary of the average data breach response times for various industries based on that report:

IndustryData Breach Detection TimeData Breach Containment Time
Entertainment287 days80
Healthcare255 days103
Media225 days78
Education217 days84
Retail208 days69
Hospitality195 days72
Consumer194 days82
Transportation192 days60
Services191 days66
Pharma190 days63
Public sector190 days57
Technology179 days60
Communications173 days58
Research169 days53
Manufacturing168 days63
Financial Services163 days54
Energy150 days72

These are alarming figures because of how much damage can be done by an attacker in an extended dwell time. But an even more concerning part of the picture is that even after detection, it takes at least seven weeks to contain them. This proves that there’s a need to educate people in various industries about data breaches, detect them, and quickly respond to them.

Average Cost Of Data Breach For Various Industries

We already know how long it takes for each industry to detect and contain a data breach on average. But if we want to learn more from that data, we need to compare it with the cost of attack for all these industries. So here’s a snapshot of how much a data breach costs per capita for industries mentioned above:

IndustryCost of Data Breach (per capita)
Entertainment$145
Healthcare$408
Media$134
Education$166
Retail$116
Hospitality$140
Consumer$120
Transportation$128
Services$181
Pharma$174
Public sector$75
Technology$170
Communications$128
Research$92
Manufacturing$152
Financial Services$206
Energy$167

To understand these costs, it’s important to note what Per Capita Cost means here. According to IBM’s report, the number of records compromised from each company involved in their study stood between 2,500 to 100,000 records in a single data breach.

Each record represents a real-world user whose data was stolen. The tabulated costs represent the average loss that each of those users had to incur because of the breach. If you do the maths, it’s not difficult to find out the scale of these numbers now:

  • Minimum loss: $75 * 2,500 users = $187,500
  • Maximum loss: $408 * 100,000 users = $40,800,000

In short, the cost of a data breach for an average company ranges between $187,000 to $41 million. You can find the minimum and maximum range for your industry by dividing the average cost per capita of your industry by the maximum and the minimum number of records that can be compromised (i.e. 2,500 and 100,000, respectively).

Data Breach Response Time Trends

When we compare the cost of data breaches against the detection and containment time of data breaches for all industries, the following trends emerge clearly:

First of all, most companies are highly unaware of data breaches’ threats and how to deal with them. That’s why they take so many days to detect a breach and contain it. Many of them don’t even have the necessary security features implemented in their websites and servers (i.e. SSL certificates, strong passwords, malware scanners, etc.), making stealing their data easy.

The Healthcare industry has the highest cost of data breach attacks. Perhaps that is because of the long time it takes in detecting the attacks, while the sensitivity of data that remains with such companies is significant.

The financial services industry has the second-highest cost for data breaches, even though it detects and contains the attacks more quickly than most other industries. That may be the case because it’s a highly regulated industry – not detecting and preventing an attack promptly results in steep fines over companies involved in this business.

Tech companies and pharma contain their attacks in 60 days on average but still experience a relatively higher data breach cost. Again, the cause may be the nature of data that can be stolen from such companies – patents, product information, and other sensitive information that can harm the companies’ reputation, many of which also tend to be listed on the bourses.

Conclusion

So that was some of the critical information about data breaches and their trends. All this information further affirms the need to educate employees in your organization about data breaches and devise a clear Data Breach Response Plan. If you don’t do that in time, your business may also join the long list of companies that learn this lesson the hard way. Don’t let it happen and put a data breach response plan in place today.

About Yashwant Shakyawal

Check Also

trends in app design

10 Top trends in app design for 2021

Following the top trends in app design is necessary. If a company wants to have plenty of users and engaging followers, they need to step into the shoes of the newest trends. But, how can you know what will be popular next week, month, or even a year? Especially when it comes to styles of …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.