Ponemon: Business continuity management vital for data breach recovery
An IBM-sponsored global study examining the impact of business continuity management on the cost of a data breach, concludes companies that use business continuity management and disaster recovery services recover more quickly than those who don’t.
The Ponemon Institute surveyed 1,900 individuals from 419 companies in 16 countries. Of the 419 companies, 226 self-reported they have BCM involvement in resolving the consequences of a data breach. Of these companies, 95 percent rate their involvement as very significant.
The study revealed that companies who employ a BCM program that incorporates disaster recovery automation and orchestration saw a 39.5 percent reduction in average cost per day of a data breach, compared to companies with no BCM or disaster recovery. It means a net difference of $1,655 per day.
BCM reduces the total average time to identify and contain a data breach incident by 78 days, according to the Pomenon study. The result: Average savings of $394,922 over that response time period. The average total cost of data breach with BCM involvement was $3.35 million, compared to the $3.94 million cost for organizations operating without BCM programs.
“Business continuity management continues to play an important role in determining the impact of data breaches that put organizations at risk worldwide,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.
The study also found 95 percent of companies surveyed indicated that uniting their BCM and IT security functions – BCM/cybersecurity cooperation, crisis management expertise across departments, joint cyber-simulation testing – had a significant impact on mitigating the effects of a data breach.
The average cost per lost or stolen record can be as high as $152, the group also found. With BCM involvement the average cost can be as low as $130.
The survey found 76 percent of companies without BCM involvement had a material disruption to business operations. This decreases to 55 percent for companies involving BCM in advance of the data breach.
And lastly, 52 percent of companies surveyed with BCM involvement said their reputation or brand had been negatively impacted because of a data breach. However, 62 percent of companies without BCM involvement said their organization’s brand and reputation was negatively affected.