By the Numbers: Preparing for a Data Breach

preparing for a data breach

Among the myriad responsibilities of the average enterprise IT security team—monitoring user access, revoking rogue permissions, threat hunting, security data analytics, etc.—preparing for a data breach is certainly one of the most prominent.

It’s no surprise. A data breach is not just a technical issue that could disrupt your business processes. A data breach is a digital wound that jeopardizes financial, proprietary, and personal data, creating long-term chaos. It’s also a publicity nightmare, as it can hurt your clients’ or customers’ trust in your enterprise in both the short and long term.   

In preparing for a data breach, your enterprise needs to recognize just how severe and persistent a threat data breaches can be…and how vulnerable you are to these digital threats. Your enterprise needs to remember perhaps above all that preparing for a data breach is a marathon, not a sprint.

Why Preparing for a Data Breach is Essential

44% of enterprises have suffered at least one data breach in the past year, according to a survey by identity governance and administration solution provider Sailpoint.

Of those enterprises reporting a data breach, they each experienced an average of approximately 30 data breaches in the past year.

9%—nearly one in ten—IT leaders responding to the survey could not confidently state whether their enterprise had suffered a data breach.

The average cost of fixing a data breach was nearly $1 million, which does not include lost revenue, brand damage, and legal fines.    

This highlights one of the most important considerations in preparing for a data breach: without the right tools at your disposal, a threat could completely slip under your IT security team’s radar. Attacker dwell time could be in the months, especially if an attacker gets ahold of privileged credentials or if users’ inappropriate access is allowed to go unchecked.

Preparing for a Data Breach on the Cloud

Identity governance on the cloud, and identity and access management in general on the cloud, is one of the most challenging cybersecurity concerns of the current digital era. With more enterprises undergoing digital transformations or implementing hybrid IT environments, enterprises need to examine the identity and security challenges that come with these innovations:   

98% of European companies face organizational challenges implementing security in cloud environments, according to a survey by SIEM solution provider Sumo Logic.

63% of enterprise respondents say the cloud requires broader technical expertise to understand threats

51% said staff overload is a challenge for security in their cloud environment.

In a statement, Sailpoint’s Chief Product Officer Paul Trulove said “IT leaders face an uphill battle. Hackers are increasingly more sophisticated and more organized, and governments are adding new layers of complexity with regulations like GDPR.”

“Yesterday’s security strategies are simply not sufficient to address these security and compliance requirements. Implementing a comprehensive identity governance program helps organizations answer the critical questions of who has access to what, who should have access to what, and how is that access being used, providing the much-needed visibility into today’s hybrid, constantly evolving IT environment.”

So in preparing for a data breach, remember the golden rule: this is serious. There is no easy answer. But with the right tools, you can avoid being one of these statistics: all of the most dedicated credential-stealing hackers will be turned away by the mere sight of an IAM or IGA solution on your IT environment.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner