Too Much Blackbeard, Too Little Hull – Ponemon on the Cost of a Data Breach

By Mark Schertler, Chief Security Architect, Axway

A recent Wall Street Journal piece covering the latest Ponemon study that details the cost of a data breach should make security professionals feel terrific, since it verifies – with hard facts and numbers – the issues and concepts we kick around constantly.

In the study, Ponemon notes that the cost of a data breach is lower when you have security leadership in place – in particular, a Chief Information Security Officer. It makes perfect sense that this would be the case, but what’s striking about it is the counter-intuitive fact that fewer companies actually have CISOs on staff in 2012 than in 2011.

Will companies read the study, take it to heart, and recognize the value of security leadership? Will they see that in many cases a CISO more than pays for himself or herself by protecting the enterprise from the pitfalls of embarrassment, fines, damaged reputation and lost business?

Further, I found this quote fascinating:

“…more than a third of losses are caused not by hackers but by negligent employees or contractors. This represents a reversal from last year in which the hacker threat had briefly been the larger threat.”

I’ll bet this is a fact that most businesses, especially those without a CISO, do not realize – that good security professionals protect organizations from all types of risk that will cost time and money, whether those risks are self-inflicted or external to the organization. And it points to why making sure a boat is seaworthy is at least as important as keeping pirates at bay.

Security talk is too often limited to mitigating the risks of a Blackbeard, and too rarely about the integrity of the hull itself. This Ponemon study should give all of us the numbers we need to feel good about changing the tenor of that talk.