Security Information & Event Management Blog | SIEM

New Cost of a Data Breach Reveals Increasing Cost, Time to Discover, and Size of Data Breaches


In July 2018 IBM, with the help of Ponemon, released the 2018 Cost of a Data Breach Study, and its findings support a troubling trend – data breaches are becoming bigger and costlier, and are taking longer to discover, year after year. Hackers are finding new and stealthier ways to steal valuable data, all while CISOs report that their top concerns are a lack of competent in-house staff, human error, and increasingly stressful conditions under stagnating budgets.

From 2017 to 2018 the average cost of a data breach grew from $3.62 million to $3.86 million, the average time to discover a data breach increased from 191 days to 197 days, and the size of the breaches increased overall by 2.2 percent. Cyber-crime is a massive beast that doesn’t appear likely to be tamed any time soon. The GDPR, which went into effect in May 2018, aims at stricter personally identifiable information (PII) security regulation that will help crack down on cyber-crime against EU citizens, and its hefty penalties for noncompliance are likely to make the cost of breaches grow even higher.

High-profile breaches like those of Facebook and Ticketmaster UK in recent months have security professionals on high alert, but we continue to have high-profile breaches. With distributed system security monitoring at the forefront of software manufacturers’ minds, it is easy to overlook threat vectors like mobile, IoT, and the oft-forgotten mainframe. Naples, Florida-based CorreLog is addressing this “security gap” with technology specific to mainframe security, bringing real-time mainframe breach notifications into these distributed security software solutions.

Click here to register for CorreLog & IBM System Magazine's webinar on The GDPR Aftermath

For the first time, Ponemon included the cost impact of the extensive use of IoT on a data breach. Per stolen record, the extensive use of IoT cost an organization $5 more in 2017. In a data breach where hundreds of thousands of records are compromised, this additional cost could reach the millions. IoT devices are expected to reach into the tens of billions within the next few years, and to tame the security chaos from these devices, some experts are calling for moving the IoT workload to the mainframe, a move similar to that of ATMs and mobile[1]. While this move could bring much needed order and heightened security capabilities, it adds to the threat landscape affecting mainframes, where security is often taken for granted and where real-time notifications in distributed Security Information & Event Management (SIEM) systems are sparse.

Another interesting finding in the report is the disparity between the cost of a data breach for companies with fully deployed security automation and for those without. Companies without fully deployed security automation software (where detecting, alerting, support ticket submitting, and remediating are computer automated with minimal human intervention) suffered a net $1.55 million more than those whose security automation was fully deployed – an increase of 35 percent.

These findings paint a grim picture of commercial cyber security performance, and the most popular headlines will be the ones talking about the largest breaches. However, the study provides some excellent insight into which strategies helped stem the bleeding sooner, which in turn lowered the cost of a breach. Most notably, it shows that fully deploying a security automation system into your IT infrastructure is proven to reduce the cost of a data breach, and that IoT security needs to improve.

Eliminating the Mainframe ‘Security Gap’

The first step to helping IT security professionals fight cyber-crime is to employ enterprise-wide, real-time SIEM visibility across both your distributed and mainframe systems. Real-time monitoring is crucial considering the average of 197 days it took companies to discover a data breach in the latest IBM/Ponemon report. The next step is making sure every device connecting to your network is integrated into your SIEM software, including both mainframe and mobile devices and, where possible, IoT.

With the CICS facility and terminal emulation, the mainframe is closer to the Internet than ever before and is constantly being probed. It is essential for security professionals to take proactive steps to extend the real-time visibility of SIEM monitoring into the mainframe. This will equip IT security admins (or better yet, security automation systems) with up-to-the-second security notifications for faster remediation in the event of a breach of any platform – saving millions and brand reputation in the process. 

CISOs agree. Most of them fear their company is more likely in 2018 (and beyond) to suffer a data breach than ever before[2]. Organizations must have adequate security software and processes in place to avoid costly breaches that not only have the potential to rack up massive regulatory fines, but also cause devastating consequences to their brand. What’s more, this software must also be easy to use and implement, and inexpensive, considering that CISOs report they are worried about competent personnel, job stress, and stagnating budgets. CorreLog is one vendor that provides this type of software experience at an affordable price. To learn about how you can extend your SIEM system to your mainframe easily and cost effectively, visit




