Allie Mellen, Analyst

Show Notes:

Enterprise breaches are an accepted part of doing business today. If you’re not experiencing any security threats, you’re probably not in business. But security strategies and outcomes vary widely from one global region to another. So are there things one region can learn from another?

In this episode, Analyst Allie Mellen discusses the findings from a new report that analyzes the state of enterprise breaches and provides some key lessons learned from various regions.

Mellen starts with a review of some key findings from a survey of thousands of security leaders in 2021. The bad news is that the number of organizations experiencing breaches was up 4% globally. Among those that were breached, it took a median of 37 days to find the breach and cost a mean of $2.4 million to recover from it. The survey also found that the top two challenges cited by security decision-makers haven’t changed for the past three years: they are still IT complexity and the changing and evolving nature of IT threats.

So rather than put all their eggs into the “prevent all breaches” basket, Mellen suggests that it may be time for security teams to shift to a post-breach mindset and prioritize resilience. “Most orgs are going to be breached — it’s just a matter of controlling how many times they’re breached, the cost associated with it, and controlling how quickly they recover.”

From there, the discussion turns to which regions have been hit hardest by breaches and what best (and worst) practices might be influencing the variations between the regions. As an example, Mellen highlights the impact of European regulations on prioritizing breach disclosure, which seem to emphasize breach response preparation in orgs.

The episode finishes with Mellen providing three key pieces of guidance on handling breaches for security teams at global companies working across multiple regions.