Enterprises tapping identity technology as one way to recover after data breach

To recover from a data breach, companies are turning to a number of procedures and technologies including re-education, identity and access management, and expanded use of encryption, a Ponemon Institute study reveals.
Written by John Fontana, Contributor

Nearly half of all U.S.-based companies experiencing a data breach are turning to identity and access management technology as one part of their post-breach procedures to combat another incident, according to a report by the Ponemon Institute.

The Institute's annual Cost of Data Breach Study, sponsored by Symantec and released this month, shows companies are reporting that data breaches are smaller in scale and create less churn, defined as customers abandoning the company after a breach.

In addition, Ponemon reported that the average per capita cost of a data breach has dropped to $194 from $214 in the previous year's study.  In addition, the organizational cost declined from $7.2 million to $5.5 million per incident. The drops, however, are a bit misleading as the numbers calculated did not include companies that had data breaches in excess of 100,000 records. Ponemon said they were excluded "because they are not representative of most data breaches and including them in the study would skew the results."

The post-breach activities of companies revealed that 53% implement additional staff training and awareness activities and 47% rolled out identity and access management solutions. The study noted that the results reflect most companies implement more than one preventative measure following a breach.

Included on the top five list of preventative measures was expanded use of encryption (52%), additional manual procedures and controls (49%), and data loss prevention technologies (45%).

The study also noted the detection and escalation costs associated with a breach dropped 5.8% to $433,000, which suggests companies had the foresight to implement technologies and procedures to bolster these tasks.

The study also pointed out that companies can reduced the cost of a breach by up to $80 per record compromised if they have a chief information security officer on staff who is focused on enterprise data protection.

Overall, the study concluded there is evidence that companies are becoming better at managing the costs incurred to respond and resolve a data breach incident.

The study examined the costs incurred by 49 U.S. companies in 14 industries during 2011.

See also:

Editorial standards