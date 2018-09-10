Expansive use of encryption, automating security wherever possible, and having an incident response team can all reduce the potential cost of a breach, as can employee training and cyber insurance. But being properly prepared throughout the business and knowing what to do in the event of a breach is the biggest cost saver.

“You need to have an incident response plan in place, that plan has to be tested and practiced across the whole range of the C-Suite,” says Wheeler. “And it's got to be more than just having it on paper, you've got to actually simulate as close as you can to what the real world's going to be like.”

This prep includes understanding what roles everyone the company has in the wake of a breach, knowing which external parties you need to contact and bring in, having your external communication strategy prepared.

Conversely, third-party involvement, extensive cloud migration or use of IoT devices at the time of breach can add to the potential cost impact, as can loss of devices such as laptops or phones. In the same way being better prepared reduces costs, being caught short only increases them. “If the organization dealing with the breach does not have a formalized incident response plan, then their costs will be significantly higher, because in the wake of that disaster or major critical business event they're trying to figure it out for the first time.”