The True Cost of a Data Breach

By Russell Gray, Director of Client Success at PacketSled

One of the common issues that we deal with, here at PacketSled, is helping our clients and potential customers quantify the risk of a potential data breach. The primary issue is that cyber security risk does not typically fit into traditional models of risk assessment and measurement. Without a framework to fall back on, today’s security practitioner can feel like he or she is resorting to guesstimates and scare tactics to procure the necessary resources.

What we do know is that the cost of data breaches is at an all-time high and increasing year over year. IBM's recent 2018 Cost of a Data Breach study reports that the global average cost of a data breach is up 6.4 percent over the previous year, to $3.86 million per breach. The study, which interviewed 477 companies, also concluded that the likelihood of an organization having a data breach over the next two years increased to 27.9%. Put more simply, the likelihood of a company having a breach is increasing and the cost of that breach is increasing.

It is also clear that the speed of identifying and responding to a data breach has a big impact on the resulting cost of that breach. Per the IBM survey, it took companies an average of 197 days to identify a data breach and then an additional 69 days to contain it. Further, companies that were able to reduce the time to identify the breach to 100 days saved an average of $1 million per breach when compared to those that took longer.

Similarly, the study showed that the presence of an in-house incident response capability also had a large impact on reducing the cost of a given data breach. Companies with a strong IR capacity reduced the amount of time to contain the breach, thereby reducing the average cost of a breach by 10.5%. With the average total cost of a data breach sitting at $3.86 million, this is a savings of more than $386,000 per breach.

If we coalesce these two findings, it’s clear that time is money when dealing with data breaches. If a company can reduce the time to detection and increase the speed of their response, the resulting savings can be significant -- over $1.3 million in some cases.

How can you decrease your time to detection & remediation?

A 2018 Threat Hunting survey found that using a network monitoring, detection and forensic analysis tool like PacketSled can increase speed of detection by 2.5x or more. This would reduce the average time to detection, from the IBM survey, from 197 days to 79 days. In PacketSled’s case, we typically identify threats in 48 hours, and a persistent threat in under 30 days. This capability can be crucial given that the study found that both the time to identify and the time to contain were highest for malicious and criminal attacks and much lower for data breaches caused by human error.

PacketSled can also be used to shorten your time to respond and remediate by supporting your in-house IR capability. Deploying PacketSled sensors on your affected network effectively “turns on the lights” and gives you visibility to the immutable truth of your network traffic. Capable of dissecting more than 63 protocols, PacketSled’s sensors provide complete network stack visibility from layers two through seven. Combine this with our full packet capture and file extraction capability and you will be well positioned to identify the breach, isolate the affected machines and begin remediation efforts quickly.

In a cyber security environment where every minute counts, contact PacketSled today to see how we can save you time, which can save your company money. 

Russell Gray is the Director of Client Success at PacketSled. Contact him at

About PacketSled

PacketSled is the network analytics platform of choice for security teams globally. Used by enterprises and MSSPs for real-time data analysis, threat hunting and incident response, the platform leverages continuous internal network monitoring and retrospection to provide network forensics and security analytics. Security teams can integrate PacketSled into their orchestration engine, SIEM, or use PacketSled independently to dramatically reduce the resources required to respond to persistent threats, malware, insider attacks, and nation state espionage efforts.

The company has been named an innovator in leading publications and by security analysts, including SC Magazine, earning a finalist award in 2018 for network visibility. For continuous product updates and industry news, please visit us at or follow us @packetsled.