You might not hear about data breaches in the Gulf region that often, but don’t be fooled: they are still happening. The reason they aren’t discussed is that, compared to the rest of the world, the Gulf region has lax breach notification requirements.
That means most incidents go unreported, which is bad news not only for affected individuals but also for business in general. No one is quite sure exactly how big the problem of poor information security is, so organisations don’t address it. The lack of defences also increases the likelihood of large-scale breaches and lasting damage.
Ponemon Institute’s 2017 Cost of a Data Breach Study found that it cost organisations in Saudi Arabia and the UAE $4.94 million (about SAR18.53 million or AED18.14 million) on average to recover from a breach. Only the US spent more.
Many organisations can’t afford that, meaning a breach would put them out of business. The obvious course of action is to invest in cyber security defences to mitigate the risk of a breach, but there is no guarantee that they will prove 100% effective. In fact, you will almost certainly be breached at some point, given the vast number of cyber criminals, insider threats and potential accidental breaches.
Organisations should therefore look for ways to mitigate the damage that a breach will cause. They can do this by implementing a BCMS (business continuity management system).
A BCMS can keep you in business
The biggest costs associated with a data breach come in the days after the incident has occurred. Without a plan in place, organisations risk grinding to a halt as they struggle to access their systems and records. A BCMS ensures this doesn’t happen, as it lays out backup plans for how everyone in the organisation should deal with the disruption.
The process begins by assessing your organisation to look for the most likely sources of disruption. For instance, you might be worried about a member of staff falling victim to a phishing attack, or a power outage preventing you from accessing electronic files. You then note how each incident will affect your organisation and prepare appropriately.
Ponemon Institute found that, on average, organisations with a BCMS:
- Save about SAR250,000 or AED244,000 per incident;
- Identify a breach 43 days earlier than those without a BCMS; and
- Contain a breach 35 days earlier than those without a BCMS.
How to implement a BCMS
The best practices for a BCMS are laid out in ISO 22301. The international standard includes a framework for disaster recovery that focuses on specific operations, functions, sites, services and applications.
You can find out more about ISO 22301 and how you can create a BCMS in line with its requirements by reading our green paper: Business Continuity and ISO 22301. This free guide explains:
- How to protect your organisation with business continuity management;
- What implementing an effective BCMS entails;
- The benefits of adopting ISO 22301;
- How a BCMS can help you if you’re within scope of the EU GDPR (General Data Protection Regulation);
- How effective business continuity management can help you develop a cyber resilient posture; and
- The advantage of certifying to ISO 22301.