We all like making decisions based on evidence. And it’s a lot easier to get behind a change that promises a return. This is the eternal struggle of enterprise security. How do you make the business case for proactive data loss prevention (DLP) measures when you know they won’t completely prevent data breach? How do you convince decision-makers about an ROI that makes “the worst” less bad?
Getting a handle on the true cost of data loss
The Verizon 2015 Data Breach Investigations Report (DBIR) takes a big step toward answering these challenges. Noting the lack of concrete data on the total cost of data loss and the ROI of DLP measures, the report calls out the “creative environment for [DLP] decision making” that leads to underspending, overspending, and ineffective or downright “useless” spending.
The solution? The 2015 DBIR offers what it says is a more accurate method for estimating the total cost of data loss. We won’t get into the statistics nitty-gritty, but previous methods tend to distort the ends of the spectrum—underestimating the cost of smaller breaches while overestimating the cost of larger ones.
For breaches big or small, every record counts
Verizon says their new method makes two things clear. First, the total number of records lost drives the total cost of a data breach. Second, mitigating factors—including DLP measures—effectively reduce total breach cost by reducing the total number of records lost.
Put in simple terms: Each record lost costs the enterprise money—whether it’s hundreds of small breaches or a front-page-headline breach. Every record protected by a DLP measure effectively reduces the cost of a data breach. So while DLP measures won’t entirely prevent breaches, their value lies in minimizing the total number of records lost by both reducing the incidence of breaches and limiting the impact of each individual breach.
Basic DLP promises powerful ROI
The 2015 DBIR gets even more specific on the value of DLP measures. Its data suggest that 40 percent of the data loss incidents examined could have been prevented or mitigated by what the Council on Cybersecurity has defined as “Quick Win” DLP measures. These include multi-factor user authentication, traditional anti-virus protection, and endpoint backup tools that enable the enterprise to quickly identify and respond to anomalies in data movement across the enterprise. Verizon’s resounding recommendation: “Don’t sleep on basic, boring [DLP] measures,” which can dramatically mitigate the cost of data loss and deliver measurable ROI.
So, to the enterprise IT security world: Take this evidence. Build your business case for DLP. Secure your endpoints. Back up your data. Encrypt. And remember every record counts.