Every year, Forrester delivers the Forrester Analytics Business Technographics® Security Survey, which gives us insight into security decision-makers’ current state, challenges, and forward-looking priorities. This year, we analyzed the data to see how digital transformation hesitancy, disaster recovery preparedness, and balancing expectations with data affect the cost and effects of breaches. One of our key findings was that enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach.
This data alone is interesting, but we wanted to dig a layer deeper to actually provide some analysis and insight. We found some intriguing data on what effect a lack of incident response and crisis planning had on an organization’s ability to quickly respond to a breach.
Globally, organizations took a median of 37 days to find and recover from a breach: 27 days to find an adversary and eradicate an attack, plus 10 days to recover from the breach. In contrast, organizations that had a lack of adequate incident and crisis response preparation took a median of 46 days to find and recover from a breach: 35 days to find an adversary and eradicate an attack, plus 11 days to recover from the breach.
Breaches also cost organizations a global mean of $2.4 million each, while organizations that lacked adequate incident and crisis response preparation paid a mean of $3 million per breach, $600,000 more than the global average.
Bottom line: Organizations that lack adequate incident and crisis preparation spend nine days longer and $600,000 more, on average, finding, stopping, and recovering from a breach.
Keep in mind that these are the median and the mean, respectively, across all kinds of breaches. The figures do not differentiate between attacks that disrupt business continuity, such as ransomware, and those that steal data but do not necessarily have compounding effects such as business disruption. For many organizations, nine additional days to find, eradicate, and recover from a ransomware attack that has halted normal business processes is far more costly.
The most important lesson to take away from this data is something the security community has pushed for a long time, but we have not previously had the data to showcase it: By failing to prepare, you are preparing to fail. Preparation prior to a breach is critical to reducing recovery time and costs. It’s important to consider:
- Incident response plans should be created not only for the security team but also, more broadly, for the entire organization. Ultimately, in the event of a breach, individuals across the enterprise must get involved: general counsel, marketing, sales, customer success, operations. Make sure the security team is aligned with these parts of the organization on the steps each should be prepared to take in the event of a breach: managing transparency and clarity toward customers while addressing any potential liability, ensuring a good customer experience (CX) and employee experience (EX), and other important factors.
- Tabletop exercises should be run at least yearly with all stakeholders from the organization to ensure all teams are prepared in the event of a breach. Organization-wide tabletop exercises are also a great way to get business buy-in on cybersecurity initiatives—seeing the potential fallout of a breach in action is much more impactful than being told about it in a PowerPoint slide.
Business resilience, and reducing the costs and downtime associated with a breach, requires breach preparedness. To maintain business resilience as a competitive advantage, organizations must prioritize timely incident response plans, business continuity planning, and disaster recovery plans that cover security breaches, or risk failing to deliver on their vision and brand promise.