By Matt McKinley, U.S. director of product development, Stonesoft
The MSP Alliance welcomes a guest post from Stonesoft, Inc. (www.stonesoft.com), a global provider of network security solutions to MSSPs, enterprises and government organizations.
On March 19th, Symantec and Ponemon Institute released the findings of their annual Cost of a Data Breach Report. The findings were quite interesting. From CIO.com:
“For the first time in seven years—and despite numerous high-profile incidents—the average cost of a data breach fell in 2011, according to new findings released by Symantec and the Ponemon Institute…
The study found the average organizational cost per data breach was $5.5 million in 2011, down 24 percent from $7.2 million in 2010. Additionally, the cost per compromised record fell to $194 per record, down $20 (10 percent) from 2010. That’s the lowest cost per compromised record since 2007…
A decline in lost business costs—abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill—drove the overall decline in data breach costs. Lost business costs fell to $3.01 million in 2011, down 34 percent from $4.54 million in 2010.”
I’m not sure how many in the infosec industry saw that coming. The cost of data breaches has been escalating for years. But, as the article points out, one explanation is that customers are sticking by companies even when breaches occur. What it doesn’t point out is that companies shouldn’t take this newfound “tolerance” of customers for granted. The desensitization of end-users to stolen data poses its own set of risks. A customer who fully trusts a company with sensitive information is better than an apathetic one…right?
One thing is certain. Avoidance is only one part of a solid network security strategy. Just as important are the policies, procedures and processes that follow when and if a data breach does occur. It’s the handling of the situation that can impact customer attrition – even more so than the breach itself.
Vendors and MSSPs alike need to focus not just on the avoidance aspect. An equal amount of focus should go to providing the tools and services that will ensure proper and sensitive remediation and forensics post-breach. The ability to positively impact the quality of customer relationships in the face of a business disaster is uncharted territory – and opportunity – for MSSPs.