The Cost of Doing Nothing About Data Discovery

It’s always easier to do nothing.

Following the path of least resistance might work in some walks of life; Buddhism actively encourages it from what I’ve heard. In Data Security though it’s rarely the right thing to do. Most things in life are a decision of A or B and one will normally require additional effort on someone’s part or incur greater cost. This is one of the main stigmas around adopting software and technology into an enterprise.

“It’s very expensive”, “It’ll take weeks to implement”, “We don’t have the experience or manpower to deliver that”. All common excuses not to take a data protection project forward in my experience, but I want to explain why they should be seen as just that: excuses.

Let us start with the money then, it does make the world go round after all. It’ll always be cheaper to do nothing. If you’ve not got a solution performing whatever the function is currently, then its cost is 0. Even if the solution you’re looking to adopt was a single penny, it’s 100% more expensive than the existing platform.

What needs to be fully understood is the cost of doing nothing, the average cost of a data breach is around £4million, so if a solution prevents that it’s saved you £4million minus it’s purchase cost. The 2022 IBM Cost of a Data Breach reported the cost per record being around £164 on average. Meaning that if you’ve got “records” in places you’re not aware of without controls in place then you don’t know your exposure or risk. Whilst there’s always constraints on budgets, skipping data security shouldn’t be an option.

Moving on to the wider implementation saga. Yes, it’s not going to be instant, but it’ll probably be a lot quicker and easier to manage than you think, especially if you’re engaged with a services partner and vendor who are generally invested in the outcomes for your business. Most Data Discovery and Data Protection platforms come with “low hanging fruit” specific classifications or identifiers for PII, PCI and the like meaning that all important “quick wins” will be available inside hours, not days let alone weeks.

A Data Discovery or Data Protection platform will start giving you intelligible and actionable feedback as soon as it’s enabled and results are generated. It’s important to remember that as a customer, there are partners and vendors who’ve been down this path many times before. HANDD engineers have seen the implementation mistakes (and learnt from them) so you don’t have to. It’s our job to support you in embedding the chosen technology into your organisation, as seamlessly and non-intrusively as possible.

Over the past 16 years we’ve been developing skills, generating frameworks which work and learning how different customers operate to keep their data safe. If you’re reticent on adopting Data Discovery, Data Loss Prevention, CASB or any other platform for that matter, consider reaching out to HANDD for an open and honest appraisal of your next project.

Contact HANDD’s specialists on +44 (0) 845 643 4063 or email us at