“However, the stand-out figures for security practitioners are the effect of the time-to-detect, encryption and incident response plans on the overall costs. These are all areas where specific action can reduce probable costs. And the probability of those costs can be calculated from this and earlier studies. ‘While the likelihood of a data breach involving a minimum of 10,000 records is estimated at approximately 26 percent over a 24-month period, the chances of a data breach involving 100,000 records is less than 1 percent,’ states the report.
The existence of an incident response team and ‘extensive use of encryption’ reduced the cost per record lost by $16. Ponemon’s figures also show an even more dramatic cost difference between a time-to-detect of less than 100 days (total average cost of $3.23 million) and that of more than 100 days ($4.38 million).
These figures could be used to generate an argument, complete with potential ROI, for using encryption, investing in incident detection (including threat information sharing), and developing an incident response plan.”
Source: Incident Response Plans Reduce Cost of Data Breach: Study | SecurityWeek.Com