Incident Response Value in Data Breach Impact Reduction
by Raymund Taylun, Senior Security Advisor
6 January 2021
As we start the year 2021, it is the best time to reflect and assess how effective your current incident response is in handling cyber attacks and data breaches.
COVID-19 made a huge change in how organisations do things, especially in the cyber world. Most businesses have enabled their employees to work remotely and this has increased the attack surface for cyber criminals.
Now, we have seen how cyber criminals used ransomware to level up their tactics in 2020 and ensure higher success rates of their cyber attacks. Organisations like Garmin and Blackbaud are some of the names that surfaced the news who were victims of ransomware and gained first-hand experience of how incident response should be managed to mitigate and reduce the impact of a data breach.
According to an IBM data breach report, the average total cost of a data breach declined slightly by 1.5% from 2019 to 2020. One of the factors that affected this figure is companies who have both deployed an incident response (IR) team and tested their IR plans using tabletop exercises or simulations. Based on the survey, the cost difference from companies with neither an IR team nor testing of their IR plan is $2 million.
Incident response plans need continuous testing. With the rapidly evolving cyber threat landscape, the effectiveness of today’s response plans will be lesser tomorrow. An incident response plan’s main goal is to increase cyber resilience and once an organisation lacks proper testing of their IR plan, this reduces the organisation’s ability to respond quickly and effectively to cyber attacks.
Every test of an incident response plan on a complex security system has a cost, a cost that other organisations may not consider due to lack of awareness or risk assessment. Once an incident response team and comprehensive incident response plan testing are combined, organisations can increase their control over cyber attack handling, thus reducing the cost of a data breach.