11 Nov
HOW TO MINIMIZE THE FINANCIAL IMPACTS OF A DATA BREACH?
The Cost of a Data Breach Report (“Report”), conducted by the Ponemon Institute and published in 2021 by IBM Security, presents data on breaches that occurred between May 2020 and March 2021 and also offers a few recommendations to lower the cost, and thus the impact, of a data breach.
Key recommendations in the report include:
(i) Investment in security orchestration, automation, and response (“SOAR”) to help improve detection and response times; the use of artificial intelligence and security automation has been shown to significantly decrease the average time to identify and respond to a data breach, resulting in a lower average cost.
(ii) Adoption of a zero-trust security model to help prevent unauthorized access to sensitive data. Organizations that implemented the zero-trust model had an average breach cost $1.76 million lower than organizations without zero-trust.
(iii) Conducting incident response plan stress testing to increase cyber resiliency. Those organizations that put together incident response teams and tested their incident response plans had a total average cost of a data breach $2.46 million lower than organizations that experienced a breach without a tested incident response plan.
(iv) Use of tools that help protect and monitor remote terminals and employees.
(v) Investment in control, risk management and compliance programs; an internal framework for audits, assessing risk across the enterprise and monitoring compliance with control requirements, can help improve an organization’s ability to detect a data breach and escalate containment efforts.
(vi) Protection of sensitive data in cloud environments using policy and encryption.
(vii) Adopting an open security architecture and minimizing complexity of IT and security environments; security tools with the ability to share data between disparate systems can help security teams detect incidents in complex hybrid multi-cloud environments. A managed security services provider can also help simplify security and risk with continuous monitoring, integrated solutions and services.
To provide these recommendations, based on a global average, the Report combined results of evaluations conducted by 537 organizations located in 17 countries and regions and established in 17 fields.
This article is intended exclusively to provide information and does not contain any opinion, recommendation or legal advice from Kestener & Vieira Advogados concerning the matters herein addressed. Copyrights are reserved to Kestener & Vieira Advogados.