Given the future predictions of cyber and other threats, it probably should.

Predictions for 2023 and Beyond

The one thing all cybersecurity prognosticators seem to agree on is that the threat landscape will continue to change, and at an ever increasing rate. Why is that?

According to CSO Online, “The cybersecurity threat landscape is constantly changing, and the pace of change seems to have picked up with the emergence of new types of ransomware threats, the ongoing move toward the cloud, and shifting workforce models. Then there is the aim among many companies to become digital businesses.”

It’s not just cyber threats. “Change has been a constant with regulatory requirements over the past several years, including laws that deal with data privacy. The cost of complying with various privacy regulations and security obligations in contracts is going up. Auditors and consultants are also raising fees due to inflation and rising salaries.”

To make matters worse, try buying insurance against all these threats. “True cyber insurance costs are going up 20% to 25%. Companies can reduce the cost by reducing coverage levels or increasing deductible amounts. That would mean taking more risk. ”

Given these forecasts, smart companies are going to want to convert as much incident response as they can into incident avoidance.

Incident Avoidance vs Incident Response

What’s the cost of incident response? It’s hard to get an exact figure for a particular organization because there are so many unknowns. They include the direct cost of lost data, downtime, lawsuits, and regulatory and privacy violation fines. But, as thing turns out, we have a pretty good idea of what the average cost is of a data breach.

According to IBM’s Cost of a Data Breach 2022 Report, the average cost of a data breach in the US is $9.44 million.

Using that number as a starting point, let’s do some quick, back-of-the-napkin math. If we can turn just one incident response into an incident avoided per decade, assuming no inflation, that will save the average company about a million dollars per year (averaged out over 10 years).

And it’s not like this is a far-fetched scenario. According to IBM, “For 83% of companies, it’s not if a data breach will happen, but when. Usually more than once.” The big questions is, how to be one of the other 17%?