CISOs Keep Breach Costs Lower?

CSO magazine is reporting that the Ponemon Institute has a new study out that finds that “companies that had a CISO (or equivalent title) who managed the data breach incident experienced an average per capita cost of $157 versus $236 for companies without such CISO leadership.”

This would seem to be part of a business case for creating a CISO role.  We’re still working on getting the study, but the implication of this article sounds highly suspect.

Clearly, there are large differences between companies that do and do not have a CISO. These differences are likely most of the reason for the difference in costs, not the presence or absence of a CISO.

Before we get to that, let’s point out the two ways to lower the cost of a breach:

  • Lose less information.  Fewer records, fewer fields within the records, etc.
  • Respond to the loss more effectively. Shut down an ongoing incident, recover what you can, manage the media, etc. (IREC members should download our December study on incident response. Another good, if aged, resource is NIST 800-61.)

Difference 1: Size. Few large organizations do not have a CISO or equivalent.

  • Large organizations tend to have more mature processes and likely respond better to incidents, lessening their costs.
  • Large organizations tend to lose more records during a breach.  The “per capita” cost is generally lower in larger breaches.

Difference 2: Culture. Any medium or large organization that does not have a CISO in this day and age clearly has a very limited appreciation for information risk. This drastically different risk culture implies that lots of things are going to go wrong before and after the incident to make things worse. To put this down to the lack of a CISO ignores a much larger problem.

In summary, the presence or absence of a CISO is a proxy for different types of organizations that have different costs of a breach.
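The proxy argument above is a confounding problem: if size drives both the likelihood of having a CISO and the per-capita cost of a breach, a pooled comparison of CISO versus non-CISO companies will show a gap even when the CISO has no effect at all. The following added example (not part of the original post, and not data from the Ponemon study) builds a small constructed breach dataset in which per-capita cost depends only on organization size, then shows that the pooled average reproduces a CISO "advantage" that disappears once the comparison is stratified by size. The cost figures and the CISO prevalence by size are assumptions chosen to make the effect visible.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample, not study data: one row per breach.
# Fields: organization size, whether a CISO led the response,
# per-capita cost in dollars.  By construction the cost depends only on
# size (large orgs lose more records, so their per-capita cost is lower);
# the CISO flag has zero causal effect here.  Large orgs are assumed to
# have a CISO far more often than small ones.
BREACHES = (
    [("large", True, 150.0)] * 9 + [("large", False, 150.0)] * 1
    + [("small", True, 240.0)] * 3 + [("small", False, 240.0)] * 7
)


def ciso_share(breaches):
    """Fraction of breaches in each size stratum where a CISO led the response."""
    counts = defaultdict(lambda: [0, 0])  # size -> [with_ciso, total]
    for size, has_ciso, _ in breaches:
        counts[size][0] += int(has_ciso)
        counts[size][1] += 1
    return {size: with_c / total for size, (with_c, total) in counts.items()}


def pooled_comparison(breaches):
    """Average per-capita cost for CISO vs non-CISO breaches, ignoring size.

    This is the kind of headline comparison the article reports."""
    with_ciso = [cost for _, has_ciso, cost in breaches if has_ciso]
    without = [cost for _, has_ciso, cost in breaches if not has_ciso]
    return mean(with_ciso), mean(without)


def stratified_comparison(breaches):
    """The same CISO vs non-CISO comparison, computed within each size stratum.

    Holding size fixed removes the confounder; if the CISO flag has no
    effect, the two means inside every stratum will be equal."""
    groups = defaultdict(lambda: {True: [], False: []})
    for size, has_ciso, cost in breaches:
        groups[size][has_ciso].append(cost)
    return {
        size: (mean(g[True]), mean(g[False]))
        for size, g in groups.items()
    }


if __name__ == "__main__":
    print("CISO prevalence by size:", ciso_share(BREACHES))
    ciso, no_ciso = pooled_comparison(BREACHES)
    print(f"Pooled: with CISO ${ciso:.2f} vs without ${no_ciso:.2f}")
    for size, (c, n) in stratified_comparison(BREACHES).items():
        print(f"{size}: with CISO ${c:.2f} vs without ${n:.2f}")
```

The pooled numbers show a gap of roughly $56 per record in favour of CISO-led responses, purely because CISO-led breaches are mostly the cheaper large-organization breaches; inside each size stratum the gap is exactly zero. A real study would need to control for size (and the culture differences discussed above) before attributing any cost difference to the CISO role.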
