Healthcare News & Insights

Top IT investments that cut the costs of cyber attacks

Healthcare providers, like most organizations, have a limited IT budget and can’t always afford to implement all of the security tools and practices they would like. Where should IT departments prioritize? 

Across all industries, cyber attacks are becoming more frequent and more costly, according to the Ponemon Institute’s new 2012 Cost of Cyber Crime Study. Healthcare organizations may be even harder hit than others, as the financial and medical data providers hold can be very valuable for criminals looking to commit medical identity theft, insurance fraud or other crimes.

Many factors contribute to the ever-growing costs of a cyber attack, the biggest being the loss of important information and disruption to normal operations, as well the costs of detecting and recovering from the attack.

While organizations are unlikely to prevent all future cyber attacks, they can lower the costs of those incidents by installing additional security systems or implementing new security procedures. But where should busy and cash-strapped health IT departments prioritize their efforts?

The Ponemon Institute study measured the average impact that certain practices had on lowering the amount of money lost due to cyber attacks. These steps led to the biggest cost savings, according to Ponemon:

  • Obtaining sufficient budgeted resources (organizations that did that saved an average of $2.1 million)
  • Appointing a CISO or other high-level security officer ($1.8 million)
  • Employing certified security personnel ($1.5 million)
  • Using security metrics extensively ($940,000)
  • Obtaining certifications based on industry-leading standards ($650,000)
  • Forming a senior-level security council ($590,00)
  • Conducting substantial security and awareness training ($100,000)

Similarly, some investments in IT security technologies paid off more than others. These were the tools that paid off the most for the businesses in the study:

  • Security intelligence systems (average savings of $1.7 million)
  • Access governance tools ($1.6 million)
  • Enterprise governance, risk and compliance (GRC) tools ($1.4 million)
  • Data loss prevention tools ($870,000)
  • Encryption technologies ($850,000)
  • Firewalls and perimeter controls ($650,000)
  • Automated policy management tools ($350,000)

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.