Research Revealed Data Breach Response Programme
By Dr. Theo Lynn, IC4 Lead PI - Irish Centre for Cloud Computing and Commerce (IC4)
Trust is widely reported as a major barrier to cloud computing growth and adoption and specifically data breaches. A 2015 study by IC4 member, IBM, and the Ponemon Institute highlight three significant trends:
1. Cyber attacks are increasing in frequency (42% to 47% YOY) and in the cost to remediate the consequences ($159 to $170 per record breached YOY).
2. The consequences of lost business are having a greater impact on the cost of data breach (Avg. lost business estimated grown from $1.33m to $1.57m YOY).
3. Data breach costs associated with detection and escalation increased ($0.76m to $0.99m YOY).
While the IBM-Ponemon study focuses primarily on larger companies, small to medium sized companies cannot afford to be complacent, particularly those companies wishing to conduct business in high-risk high-cost sectors or countries. This is a primary reason why IC4, at the behest of its members, has taken on a year-long data breach research programme looking at incidences of data breaches, their causes, the impact and effective responses.
Preparation is critical for reducing the cost of data breaches. This includes a data breach response plan appropriate to your organisation size, sector and target markets. IC4’s first deliverable from this research programme is a data breach response plan template for Irish companies, and primarily SMEs. The template is designed to help IC4 members to structure their thinking with regards to data breach response and includes sections on Incident Response Team Roles and Responsibilities, Incident Detection and Reporting, Data Breach Incident Ratings and Risk Assessment, Incident Handling and Response and External Breach Notification. The template also includes useful document templates for Data Breach Incident Reports, Breach Notifications and Impact Severity.
The Data Breach Response Template is currently in draft form and available to IC4 members for feedback. A hands-on members workshop is scheduled for September.