How One Organization's Incident Response Plan Saved Them Millions

Discover how one organization's incident response plan saved them millions of dollars.

When it comes to information security, it's not a question of if an incident will occur, but when. One organization (whose name is intentionally withheld for security reasons, a strong security practice for all) learned this recently when they experienced a data breach that could have cost them millions of dollars in lost data, lost revenue, settlements, lawsuits, and reputational damage. According to the Ponemon Institute’s 2021 Cost of Cyber Crime Study, sponsored by IBM, the typical organization experiences an average of 145 security incidents per year and spends $13 million annually to defend itself.

Fortunately for this organization, their incident response plan saved the day, allowing them to mitigate the damage and prevent future incidents. Here's how they did it.

Early Detection and Intervention Lead to Cost Savings

The first key to effective incident response is early detection. In this case, the organization had implemented a variety of effective security controls and monitoring systems that allowed them to detect the incident quickly. They chose detection systems that utilized artificial intelligence to help them identify and detect potential threats early, which helped bridge the resource gap they had in the cybersecurity area. This early detection allowed them to minimize the damage and reduce the amount of data that was compromised. It also allowed them to begin responding to the incident immediately, rather than waiting until it was too late. The Cost of Crime Study goes on to point out that it took an average of 287 days for an organization to identify and contain a data breach, seven days longer than in the previous report.

Effective incident response also requires proper intervention. The organization had a clear plan in place for how to respond to a data breach. This plan included steps for isolating the affected systems, securing the environment, and notifying the appropriate internal and external stakeholders. By following this plan, the organization was able to minimize the impact of the incident and prevent it from becoming a more damaging business continuity issue or major disaster.

Early detection and intervention not only helped minimize the impact of the security incident, but also ultimately led to cost savings for the organization. By detecting and responding to the incident quickly, the organization was able to avoid significant costs associated with a prolonged incident, such as lost productivity, reputational damage, legal fees, and more.

Additionally, by having a well-structured and tested plan that outlined the steps to take in the event of a security incident, the organization was able to avoid some other costs typically associated with a disorganized and ineffective response. This can include costs associated with hiring external consultants, paying overtime to staff, and purchasing new security tools and technologies.

The Benefits of Proactive Incident Response Planning

One of the key lessons learned from this incident was the value and importance of their proactive incident response planning. By having a comprehensive incident response plan in place before the incident occurred, the organization was able to respond quickly and effectively. This plan included not only technical steps for responding to the incident but also legal and communications plans to manage the fallout.

Proactive incident response planning also helps organizations to identify potential data at risk and vulnerabilities before they can be exploited. In the IBM-sponsored Cost of Data Breach Report 2021, customer Personally Identifiable Information (“PII”) was the costliest record type, at $180 per lost or stolen record. The overall average cost per record in the 2021 study was $161, an increase from $146 per lost or stolen record in the 2020 report year. This is important to note, as nearly every single organization in the world stores customer data.

But because they had been assessing and addressing these vulnerabilities before the incident occurred, they were able to reduce the impact of the incident. This resulted in significant cost savings, as the organization didn't have to spend as much on incident response and recovery.

This proactive incident response planning has effectively improved the organization's reputation and customer trust by minimizing the incident early at the point of attack. By demonstrating that the organization had a plan in place to handle potential incidents, customers and stakeholders often feel more confident in the organization's ability to protect their data and assets. This can lead to increased customer loyalty and positive brand recognition over time.

How Collaboration and Planning Led to Successful Incident Response

Another key factor in the organization's successful incident response was collaboration. The organization had a cross-functional incident response team in place, which included representatives from IT, legal, communications, and business units. This allowed the organization to respond quickly and effectively to the incident, as each team member had a clearly defined role to play.

In addition to collaboration, effective incident response also requires planning. The organization had, in collaboration with their partners, conducted extensive tabletop exercises prior to the incident, which helped the incident response team to be well-prepared and confident in their response. These exercises allowed the team to identify potential issues and work through them before the incident occurred.

Furthermore, the organization had a clear communication plan in place, which was critical in ensuring that all stakeholders were kept informed throughout the incident. The incident response team had established communication channels and protocols, which allowed them to quickly disseminate information to the appropriate parties. This helped to minimize confusion and prevent misinformation from spreading, which could have further complicated the incident.

Achieving Cost Savings Through Effective Incident Response

By responding quickly and effectively to the incident, the organization was able to minimize the impact on their business. This saved them millions of dollars in lost revenue, settlements, and reputational damage.

According to the Cost of a Data Breach Report, the total costs of a data breach rose from $3.86 million in 2020 to $4.24 million in 2021, the highest average total cost in the history of the report. Interestingly, it goes on to state that the average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor.

In addition to these direct cost savings, effective incident response can also lead to longer-term cost savings. By identifying vulnerabilities and implementing controls to address them, organizations can reduce the likelihood of future incidents. This can result in significant savings over time, as the organization doesn't have to spend as much on incident response and recovery.

Another benefit of effective incident response is improved customer trust and loyalty. When customers see that an organization is able to handle incidents quickly and efficiently, they are more likely to trust that organization with their personal information and continue doing business with them. This can lead to increased revenue and customer retention.

Furthermore, effective incident response can also help organizations comply with regulatory requirements. Many industries have specific regulations around incident response and data protection. By having a strong incident response plan in place, organizations can ensure they are meeting these requirements and avoid costly fines and penalties.

Preventing Costly Outcomes Through Effective Incident Response

In today's digital world, incidents are inevitable. However, effective incident response can mean the difference between a minor blip and a major disaster. By implementing a comprehensive incident response plan, organizations can be well-prepared to respond to incidents quickly and effectively, like the organization in this example. This can result in significant cost savings, as well as reduced reputational damage and other negative outcomes.

The organization in this case learned a lot along the way, but they credit their proactive incident response planning, which allowed them to mitigate the damage and also helped them prevent future incidents.

Areas they identified as needing some improvement included having a clear chain of command and communication plan in place. This ensures that everyone knows their role and responsibilities during an incident, and that information is shared quickly and accurately. Regular training and drills can help ensure that everyone is familiar with the plan and can respond quickly and confidently when an incident occurs.

Another improvement area they identified was having a robust backup and recovery plan. This includes regularly backing up critical data and systems, as well as testing the recovery process to ensure that it works effectively. By having a solid backup and recovery plan in place, organizations can minimize the impact of an incident and quickly get back to normal operations.

Having a tested incident response plan in place is now an executive management and board member activity as well. They need to partner with their security leadership and other business leaders within the organization to ensure an effective capability is in place. It is part of their due care and fiduciary responsibility. By following this organization’s example and learnings, other organizations can be well-prepared to respond to incidents and prevent costly outcomes.