Quoting Yogi Berra, “It feels like we’re reliving the same moments again.” If seeing the global average expenses of data breaches escalating annually seems like a recurring theme, that’s because it is. Data protection solutions evolve, but so do cyber threats. Another recurring issue is the underutilization or misapplication of technologies that can aid in protecting data, such as AI and automation.
The 2024 Cost of a Data Breach (CODB) Report by IBM examined 604 organizations in 16 countries across 17 industries, encompassing breaches involving 2,100 to 113,000 compromised records. A significant discovery was that modern technologies, on average, decreased breach expenses by $2.2 million. When seeking investments, emphasizing financial impacts rather than technical intricacies will resonate more with your audience, especially CISOs and security teams.
Where are the cost reductions occurring?
Cyber resilience goes beyond just disaster recovery; it’s a crucial element. A robust program integrates proactive and reactive workflows, including the associated technologies. When these components synergize effectively with adequate support, the outcome exceeds the sum of its parts.
The 2024 CODB Report revealed that deploying AI and automation extensively across preventative or proactive workflows led to cost savings for organizations, such as attack surface management and posture management. There exists a noteworthy correlation where opting for a “prevention-first” strategy might be propelled by the increased threats and utilization of AI.
Furthermore, the COBD Report underscored that the industry is once again affected by a skills shortage. Amidst staff feeling overwhelmed, particularly during incident responses, artificial intelligence can serve as a supportive tool to retain employees. Security and managerial personnel should recognize that neglecting investments in tools and solutions could result in the departure of highly skilled staff possessing institutional knowledge, leading to additional expenses to replace these positions.
Strategize and execute cohesively
For organizations still tackling the cybersecurity challenge in isolated compartments or with limited transparency, they are heightening the risk profile of the entire organization, not just the security aspect. In today’s era where technology is mission-critical for service delivery, it’s no longer merely about enhancing efficiency and competitiveness. Remember these points when strategizing collectively:
- Remove data blind spots. Many refer to these as the organization’s “most crucial assets,” yet with the vast data generated nowadays and the complexities surrounding data lifecycle management, what truly lurks beneath the surface? Evaluate a data security posture management solution and be cautious of shadow data.
- Embrace a security-first mindset. Although challenging, incorporating security into workflows and solutions from the outset means eliminating unnecessary complexities that can be intricate and costly to resolve post-incident.
- Promote a culture of security. Instigating change, especially concerning new technologies like generative AI, can be challenging. Encourage individuals to align with security principles without compromising on business delivery. Remember, they are not just users but pivotal contributors to successful implementations and enhancements.
Harnessing technology effectively
The CODB Report also highlighted that two out of every three organizations examined are implementing security AI and automation in their security operation centers. With this level of acceptance, widespread usage is seemingly imminent.
Hence, the crux lies in utilizing technology judiciously to align with the organization’s risk profile and strategic objectives. Making a business case becomes simpler when the average cost of a data breach is reportedly USD 4.88 million. Recent findings indicate that such investments can be worthwhile.