Over the last several years companies have been struggling harder than ever to implement more and more complex measures to defend against data breaches, as such breaches have represented astronomical losses to many organizations. Last month however, a study was released which looked at roughly fifty companies in more than a dozen various industries, revealing, for the first time in nearly a decade, a decline in the cost of data breaches of nearly $2 million on average.
The organization behind this survey has stated that they believe there to be a correlation between this decline in costs and the hiring of a Milwaukee vCISO.
(CISO). A CISO is made responsible for overseeing the a company’s security practices as well as maintaining authority over any third-party consultant that may be hired to assist in the designing and implementation of a data security corporate governance program. This study has shown that having such an individual can save companies a nearly twice the amount saved by the use of an external consultancy per individual loss. However, monetary losses are not the only things that can be reduced, but the impact on a company’s reputation may be reduced as well. While the hiring of CISO, as well as the cost of enlisting the services of external help can be expensive, the end is well worth the means when put into perspective against the amount that may be otherwise accrued in losses.
Yet another possible explanation for this decline in costs is speculated to be an apparent apathy on the part of many consumers with regard to the loss of their personal information. While no data has yet been collected to test this assumption, it has been reasoned that, given the vast number of other problems currently facing the general public, that the loss of this information simply does not rate that high on their list of concerns.Though that is not to say that individuals no longer care about their privacy, it has become more apparent that these small data losses do not equate to identity theft. On a broader scope it has been suggested that perhaps the exponential growth of the digital world is leading us towards an age in which such privacy will be a thing of the past and this general information is more readily available. Whatever the cause of this apathy may be, businesses are still seeing fewer negative reactions on the part of their customers when breaches occur.
Despite the good news these cost reductions may represent to companies, this does not meant that organizations should now allow themselves to become complacent in their risk management and mitigation strategies regarding data losses.In fact, given this slight reprieve in the stress being put on companies to avoid such problems, now is the time that companies should be redoubling their efforts and investing more in these programs to help ensure their enduring effectiveness in hopes of further reducing such losses and their inherent costs.Also, this should not require any grand effort on the part of companies beyond the hiring of a CISO as mentioned above and the creation of a few carefully drawn up policies and disclosure and notification documents to act as safeguards.