An Internal Security Operations Center Cuts Data Breach Costs by More Than Half

A recent survey conducted by B2B International on behalf of Kaspersky Lab has revealed the average cost of an enterprise-level data breach has risen to $1.41 million from $1.23 million in 2018.

The increased risk of a data breach and the increasing remediation costs has prompted enterprises to invest more heavily in cybersecurity. When the Kaspersky Global Corporate IT Security Risks Survey was last conducted in 2018, average IT security budgets were $8.9 million. In 2019, budgets had increased to an average of $18.9 million.

The biggest costs from a data breach were found to be damage to the company’s credit rating and increased insurance costs, followed by the cost of hiring external security consultants, loss of business, brand repair, additional wages for internal staff, compensation, and financial penalties and regulatory fines.

While there are several things enterprises can do to cut data breach costs, the appointment of a dedicated Data Protection Officer (DPO) and deploying an internal Security Operations Center (SOC) are the two most important for reducing cyberattack-related costs.

A DPO is responsible for creating and implementing a data protection strategy and monitoring and managing compliance issues. 34% of enterprises that had a dedicated DPO said security incidents at their company did not result in financial losses, compared to 20% of businesses overall.

The average data breach cost at an organization with an internal SOC was $675,000 – Less than half the cost of a breach at an organization without an internal SOC. The equivalent cost at large SMBs (500+ employees) was $129,000. With an internal SOC in place to monitor and respond to security incidents, the cost of a data breach was reduced to $106,000.

The survey revealed outsourcing security to managed service providers can result in increased data breach costs, at least for enterprises. 23% of businesses that used an MSP for security experienced data breach costs in the range of $100,000 to $249,000, compared to 19% of businesses with an in-house IT security team.

Appointing a DPO and setting up an internal SOC can help to reduce the likelihood of a data breach occurring, but it does not mean all data breaches will be prevented. With these key personnel in place, when a breach does occur the company will be prepared and will be able to respond quickly and efficiently, which will keep the costs to a minimum.

Recruiting a DPO, hiring staff for an internal SOC, and purchasing the necessary tools to support those personnel can be a time consuming and costly process, but the survey shows investment in key internal security personnel is certainly worthwhile and can significantly reduce the costs of data breaches. 61% of enterprises and SMBs in the United States are planning on increasing investment in specialized IT staff in the next 12 months.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.