Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools

6 years ago Anthony Israel-Davis

The 2020 Cost of Data Breach report from IBM and the Ponemon Institute is out. It provides a detailed analysis of causes, costs and controls that appeared in their sampling of data breaches. The report is full of data, and the website allows you to interact with its information so that you can do your own analysis and/or dig into aspects relevant to you and your industry.

The obvious finding is that data breaches are expensive. The average cost of a data breach is between $3 million and $4 million. That million-dollar difference is based on how long the data breach lifecycle lasts. The breakpoint is the 200-day mark. Shortening the lifecycle reduces the cost, so anything you can do to reduce the time it takes to identify a breach, contain it and take the appropriate corrective actions will save you money.

Fortunately, the report points to some ways to blunt the impact of a breach or, better yet, prevent one from occurring in the first place. Here is where I see the biggest returns on investment based on the report’s findings.

Number One Exposure: Cloud Configuration

The leading cause of breaches in 2020 was misconfigured cloud deployments. This isn’t surprising given how many companies are moving their infrastructure to public cloud platforms. With this move, unfamiliar technologies and new ways of managing infrastructure are introduced; the cloud offers quick and easy deployments without the well-known guardrails of a traditional data center. It’s like moving into a new house, only it’s a huge mansion with doors everywhere, and some of them are hidden in surprising places. This complexity makes room for human error and misconfiguring cloud-based data.

Luckily, you can hire someone to go through the house, find all the entrances, show you where they are and secure them for you. This is exactly what tools like Tripwire’s Cloud Management Assessor do. Securely configuring the cloud prevents or greatly reduces the chance that data there will be maliciously accessed or stolen.

Further Reading on Cloud Security:

  1. Top 5 Cybersecurity Risks with Cloud Migration
  2. Most security pros are concerned about human error exposing cloud data
  3. Survey: 76% of IT Pros Say It’s Difficult to Maintain Security Configs in the Cloud

Reducing the cost of a breach

There are a host of things that can help to reduce the cost of a breach either by limiting the event’s duration or severity. There are three that stood out to me in the report. Not all of them require purchasing a technical control set.

1) Preparedness

Imagine an orchestra is performing in front of a live audience. When they come out to play, there is no conductor, and they don’t know what music they’ll be performing until they are seated on the stage. When they start to play, it won’t sound very good, and it may take a while for them to get in sync. Even then, there will be mistakes as players work through the music for the first time.

This is the same situation your security and IT teams are in if they haven’t prepared for a breach. Even worse, they may not have an instrument or have done any practice recently.

Like an orchestra, sports team or first responder, practicing for the show, game or emergency event ensures a more successful outcome. In the Cost of Data Breach report, there were several things that led to cost reduction, which I’ve grouped under preparedness. These are as follows: incident response training, business continuity, building an incident response team and employee training (e.g., phishing simulations and security awareness). It’s not surprising that preparing for a breach and response practice would make identification and resolution quicker, thereby making the costs and time of implementing these controls worthwhile.

According to the Cost of Data Breach report, the programs I have grouped under ‘preparedness’ would reduce the cost of a breach by almost $1 million on average.

Further Reading on Business Continuity and Incident Response:

  1. Business Continuity Requires Infrastructure Continuity in Times of Remote Working
  2. SANS 2019 Incident Response Survey: Successful IR Relies on Visibility
  3. Why You Need a Concrete Incident Response Plan (Not Strategy)

2) Vulnerability Management

Ignorance is not bliss when it comes to weaknesses in your enterprise, which is why one of the top five CIS critical security controls involves continually identifying and addressing vulnerabilities in your environment. A strong vulnerability management program can prevent a breach or significantly limit its impact, reducing the cost by almost $175k on average. That goes up to $400k if you include red-team testing as part of the program. Much like cloud configuration, finding weaknesses in applications, operating systems and network configurations allows you to prioritize and remediate those weaknesses. The quicker you can do that, the less likely it is that the weakness will be exploited.

Further Reading on Vulnerability Management:

  1. The Center for Internet Security (CIS) Use Cases and Cost Justification
  2. Effective Threat Intelligence Through Vulnerability Analysis
  3. Climbing the Vulnerability Management Mountain

3) Managed Security Services

The cyber security skills gap has been a topic this blog has addressed previously, and it continues to be a challenge for companies. In order to address this gap as well as to grow the number and sophistication of their security tools, these companies are increasingly turning to managed services to ease the burden. It turns out this staff augmentation not only lightens the weight borne by over-taxed security teams; it also decreases the cost of a breach by an average of almost $80,000.

Further Reading on the Cybersecurity Skills Gap:

  1. Podcast Episode 4: Understanding the Impact of the Skills Gap on the Infosec Market
  2. Bridge the Cybersecurity Skills Gap With Tripwire
  3. How Organizations Can Fight to Retain Talent Amidst the Infosec Skills Gap

Why the Cost of a Breach Is Growing

If the practices listed above help to decrease the cost of a breach, what contributed to the growth of the cost in the first place? These are the factors that stood out to me from the report:

1) Compliance failure – It feels like adding insult to injury when fines and compliance remediation are piled on top of dealing with the cost of a breach. However, compliance isn’t just a practice for staying on the right side of regulations or business requirements. Those audits are like a regular check-up with your doctor to ensure your security controls are healthy. Continuous compliance thereby helps keep you secure and saves you money in the event of a breach – over $250k on average.

2) Skills shortage – This is a corollary to the managed services cost savings noted above. Not having the resources on hand to prevent or manage a breach added an average of $260k to the cost of a breach. Whether it’s adding staff, providing training or using managed services, finding a way to bridge the gap will help reduce the impact of a data breach significantly.

3) Cloud migrations – Moving infrastructure to the cloud is not a quick or easy process, and it requires planning and expertise to do it effectively and safely. Data exposure during cloud migrations is a risk, especially since environments will necessarily reside in incomplete or transitory states and staff will be learning how to operate the new environment. With the number one exposure this year being cloud misconfigurations, focusing on good architecture, secure configuration and testing will pay dividends in risk reduction.

4) Security System Complexity – It may seem like having a host of security systems to create defense-in-depth is a good strategy, but it turns out it is the greatest cost amplifier in a breach, adding almost $300k to the cost on average. Unless there are enough people with the right skills and well-defined processes in place, all those security systems make it harder and more expensive to handle a security incident.

Focusing on the critical controls that provide continuous security will be more beneficial than a breadth of tools adding noise to your system. Having enough trained staff on hand will reduce the cognitive load and ensure you have the expertise to get the value from the tools deployed. Managed services can also reduce complexity by shifting some of the control work to a team dedicated to delivering that value, thus allowing you to focus on your areas of expertise.

Surprising Findings

There were two findings in the report that I found surprising for different reasons. One because it’s a measure intended to protect data privacy, and the other because it ranks quite low on the CIS critical control list.

Anonymized Data is Still Expensive

Stolen anonymized customer data still costs a lot of money – around $140 per record. This tells me two things: 1) anonymized data is valuable to attackers and businesses, and 2) anonymization is good for privacy but isn’t an effective security control. As a practice, reducing or removing personally identifiable information (PII) is a good idea, and it does reduce the cost per record in a breach event. What it does not do is eliminate the cost altogether. Treat customer data, regardless of whether it has PII or not, as sensitive by encrypting, segmenting, classifying and limiting access to it.

Red Team Exercises Have a Big Impact

Running live adversarial tests of your data environment is a good idea and will help to discover weaknesses that an automated scanner may not. This is still one of the CIS critical security controls. It just happens to be near the bottom of this list. This is due to the people, time and expertise that are required to effectively perform red team exercises as well as the impact that some of the more fundamental controls have on overall security posture. What surprised me in the report was the outsized impact on cost of a breach this control had. According to the report, red team testing reduced the cost of a breach by an average of $243k. As an investment, training a team to add this control to your toolbox may be worthwhile. The skills will strengthen your overall security posture, decrease the skills gap, and, best of all, allow your teams to have fun!

To review IBM and Ponemon’s report in full, click here.

The post “Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools” appeared first on TripWire

Source: TripWire – Anthony Israel-Davis
