Data breaches cost organisations in India about Rs. 12.8 crore on average between July 2018 and April 2019, according to a report sponsored by tech giant IBM.
The global average total cost of data breach was USD 3.92 million (about Rs. 27.03 crore) with the average size of the breach being 25,575 records.
In India, the per capita cost per lost or stolen record was at Rs. 5,019, compared USD 150 per record globally. On an average, 35,636 records were compromised in a data breach in India that ranked 15th in terms of total cost of breach.
The findings are part of the 2019 Cost of a Data Breach Report, conducted by the Ponemon Institute, and sponsored by IBM Security.
For the report, the Ponemon Institute interviewed over 500 organisations that have experienced a breach between July 2018 and April 2019.
The analysis takes into account cost factors from legal an regulatory activities to loss of brand equity, customer turnover and the drain on employee productivity.
“India is witnessing a significant change in the nature of cyber crimes, it is now extremely organised and collaborative. The cost of data breach continues to grow,” IBM India/South Asia Security Software Leader Vaidyanathan Iyer said.
He added that organisations need to significantly invest in three core areas when it comes to cyber security – risk assessment based on business objectives, cognitive threat management and ensuring digital trust.
Mr. Iyer explained that in the digital era, cognitive security can provide both speed and scale for organisations to go about their digital transformation journey with minimal business disruptions.
“Cognitive security is designed to augment human intelligence and aid security professionals. The technology learns with each interaction to pro-actively detect, analyse and provide actionable insights into threats,” he said.
The report said major causes of data breaches in India comprised malicious or criminal attacks (51%), system glitch (27%) and human error (22%).
The mean time to identify the data breach has also increased to 221 days from 188 days, while the mean time to contain such breaches has decreased to 77 days from 78 days.
According to the report, data breaches in the U.S. are vastly more expensive – costing USD 8.19 million (about Rs. 56.46 crore), or more than double the average for worldwide companies in the study. Costs for data breaches in the U.S. increased by 130% over the past 14 years of the study, up from USD 3.54 million in the 2006 study.
Malicious data breaches cost companies in the study USD 4.45 million on average. This is over USD 1 million more than those originating from accidental causes such as system glitch and human error, the report said.
Inadvertent breaches from human error and system glitches still accounted for nearly half of the data breaches in the report, costing companies USD 3.5 million and USD 3.24 million, respectively.
Also, for the ninth year in a row, health-care organisations had the highest cost of a breach — nearly USD 6.5 million on average (over 60%more than other industries in the study).
The report found that the effects of a data breach are felt for years. While an average of 67% of data breach costs were realised within the first year after a breach, 22% accrued in the second year and another 11% accumulated more than two years after a breach.
The longtail costs were higher in the second and third years for organisations in highly-regulated environments, such as health care, financial services, energy and pharmaceuticals, it added.
Cybercrime represents big money for cyber criminals, and unfortunately that equates to significant losses for businesses, Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services, said.
“With organisations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line – and focus on how they can reduce these costs,” Mr. Whitmore said.―The Hindu