3 Ways to Mitigate the Cost of a Breach

2020 marks the fifteenth year that The Ponemon Institute produced its Cost of a Data Breach report.  Among the findings of the report, produced jointly by IBM security, is one that generates pause for many of those in the healthcare industry: while the average total cost for a data breach was $3.86 million across all sectors, this cost in the healthcare sector was nearly double that at $7.13 million.  This represents an increase of 10% from the 2019 study.

What does this mean for those in the healthcare sector?  Strengthening information security practices to avoid and mitigate breaches is paramount, and a key component of this effort is finding ways to diminish the cost of a breach.  In these times where many companies are closely watching the bottom line, there is good news: among the top cost-mitigating factors are three that with your people and processes.

1. Incident Response Plan and Testing

Incident response team formation and incident response testing comprise 2 of the top 3 cost mitigating factors affecting the average cost of a data breach, according to the Ponemon report.  Having a team in place before an incident occurs means that you will be able to respond and contain a breach more quickly.  A trained team will be able to react quickly and make good decisions during a breach.  You will know what steps to take, who to contact for assistance, and how to mitigate the damage a security incident can create.

2. Business Continuity Planning

Implementation of a sound business continuity program rounds out the top 3 cost mitigating factors.  Your business continuity program is essential during a data breach.  You will want to answer questions like: How will your organization continue to provide services to your customers?  Do you have data backups that can restore corrupt data, or data that is frozen by ransomware?  Are you able to ensure your systems remain secure when operating under an emergency plan?  And how do you go back to normal operations when a breach is finally over?  Planning for these questions in advance puts you in a strong position to recover effectively.

3. Employee Training

Employee training continues to be a top cost mitigating factor.  One of the most effective ways to prevent a breach is to ensure employees know their responsibility for information security, and how they can contribute on an individual basis.  They will learn how to keep your organization secure by not falling for e-mail scams like phishing and spear phishing, how to create strong passwords, and how to be cyber-aware while working from home.  A well-trained workforce with information security on the brain can not only help you avoid falling victim to a breach, but they can also be the first line of detection and help you discover an attack more quickly.

When it comes to securing your company’s systems, and your customers’ personal information, every effort counts.  Leveraging your work force’s skills and knowledge in these key areas to contribute to your breach resilience are great steps in the right direction.