Organisations in India lost Rs 12.8 cr on average to data breaches in Jul '18-Apr '19: IBM
New Delhi: Data breaches cost organisations in India about Rs 12.8 crore on average between July 2018 and April 2019, according to a report sponsored by tech giant IBM.
The global average total cost of a data breach was USD 3.92 million (about Rs 27.03 crore) with the average size of the breach being 25,575 records. In India, the per capita cost per lost or stolen record was at Rs 5,019, compared USD 150 per record globally. On average, 35,636 records were compromised in a data breach in India - which ranked 15th in terms of total cost of the breach. The findings are part of the 2019 Cost of a Data Breach Report, conducted by the Ponemon Institute, and sponsored by IBM Security.
For the report, the Ponemon Institute interviewed over 500 organisations that have experienced a breach between July 2018 and April 2019. The analysis takes into account cost factors from legal regulatory activities to loss of brand equity, customer turnover and the drain on employee productivity. "India is witnessing a significant change in the nature of cybercrimes, it is now extremely organised and collaborative. The cost of data breach continues to grow...," IBM India/South Asia Security Software Leader Vaidyanathan Iyer said.
He added that organisations need to significantly invest in three core areas when it comes to cybersecurity -- risk assessment based on business objectives, cognitive threat management and ensuring digital trust. Iyer explained that in the digital era, cognitive security can provide both speed and scale for organisations to go about their digital transformation journey with minimal business disruptions. "Cognitive security is designed to augment human intelligence and aid security professionals. The technology learns with each interaction to proactively detect, analyse and provide actionable insights into threats," he said.
The report said major causes of data breaches in India comprised malicious or criminal attacks (51 per cent), system glitch (27 per cent) and human error (22 per cent). The mean time to identify the data breach has also increased to 221 days from 188 days, while the meantime to contain such breaches has decreased to 77 days from 78 days. According to the report, data breaches in the US are vastly more expensive - costing USD 8.19 million (about Rs 56.46 crore), or more than double the average for worldwide companies in the study. Costs for data breaches in the US increased by 130 per cent over the past 14 years of the study, up from USD 3.54 million in the 2006 study. Malicious data breaches cost companies in the study USD 4.45 million on average.
This is over USD 1 million more than those originating from accidental causes such as system glitch and human error, the report said. Inadvertent breaches from human error and system glitches still accounted for nearly half of the data breaches in the report, costing companies USD 3.5 million and USD 3.24 million, respectively. Also, for the ninth year in a row, healthcare organisations had the highest cost of a breach – nearly USD 6.5 million on average (over 60 per cent more than other industries in the study). The report found that the effects of a data breach are felt for years. While an average of 67 per cent of data breach costs was realised within the first year after a breach, 22 per cent accrued in the second year and another 11 per cent accumulated more than two years after a breach.
The longtail costs were higher in the second and third years for organisations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals, it added. Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses, Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services, said. "With organisations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line - and focus on how they can reduce these costs," Whitmore said.