NEW DELHI, INDIA: The average cost of a data breach for the Indian companies has grown from Rs 97.3 million in 2016 to Rs 110.0 million in 2017 (a rise of 12.3%), while globally, the average cost of a data breach in 2017 is $3.62 million, a 10% decline from 2016, according to an IBM study.
European countries also saw a 26% decrease from 2016, whereas US registered a 5% increase comparatively.
Malicious or criminal attacks were the cause of data breach for 41% of companies surveyed. About 33% experienced a data breach as a result of system glitches and 26% breaches involved employee or contractor negligence (i.e. human factor).
IBM and Ponemon Institute examined Indian companies across 13 industry sectors who experienced the loss or theft of protected personal data and the notification of breach victims as per law. The per capita cost of data breach increased significantly from Rs 3,704 in 2016 to Rs 4,210 per compromised record. The number of breached records per incident for Indian organizations surveyed in this year’s report ranged from 4,000 to 98,000 compromised records. The average number of breached records was 33,167 as per the study.
“The Cost of Data Breach study clearly outlines the rapidly changing threat scenario through a significant rise in both number and sophistication of breaches. With cloud services being the key for digital enterprise transformation, securing data on cloud is of top priority. Cloud Security and cognitive driven security services are going to be defining trends in the next years," said Kartik Shahani, Integrated Security Leader, India/South Asia at IBM. “Enterprises need to ensure that robust security practices are adopted, incident response plans are in place and regular security training given to all stakeholders of the company.”
Additional key findings and implications for organizations in India were:
Malicious or criminal attacks are the costliest incidents: Data breaches caused by malicious or criminal attacks cost companies Rs 5,100 per compromised record. System glitches and negligence (i.e. human error) cost Rs 3,545 and Rs 3,651 per record, respectively.
The more churn, the higher the cost of data breach: The highest cost as a result of customer churn was Rs 125.1 million for companies whose churn rate was between 3 and 4 percent. The lowest was Rs 91.6 million for companies whose churn rate was less than 1 percent.
Certain industries are more vulnerable to churn: In this year’s study, financial, technology and services industries experienced a relatively high abnormal churn. In contrast, public sector (government) and retail companies experienced a relatively low abnormal churn.
Detection and escalation costs increase: Such costs typically include forensic and investigative activities, assessment and audit services, crisis team management and communications to executive management and boards of directors. Average detection and escalation costs increased from Rs 32.4 million in 2016 to Rs 36.7 million in 2017.
The time to identify and contain data breaches impact costs: In this year’s study, it took companies an average of 170 days to detect that an incident occurred and an average of 72 days to contain it. If the mean time to identify (MTTI) was less than 100 days, the average cost to identify was Rs 85.3 million. However, if the time to identify was greater than 100 days the cost rose significantly to Rs 134.6 million. If the mean time to contain (MTTC) the breach was less than 30 days, the average cost was Rs 96.3 million. If it took 30 days or longer, the cost rose significantly increased to Rs 123.6 million.