The average cost of data breach in 2017 is $3.62 million: IBM and Ponemon Institute
IBM Security has declared the results of a global study analyzing the financial impact of data breaches to a company’s bottom line and the report was sponsored by IBM and conducted by the Ponemon Institute which found that the average cost of a data breach for the Indian companies surveyed has grown from Rs.97.3 million in 2016 to Rs.110.0 million in 2017 in India. Globally, the average cost of a data breach in 2017 is $3.62 million, a 10% decline from 2016. European countries saw a 26% decrease from 2016, whereas the U.S. registered a 5% increase comparatively.
IBM and Ponemon Institute examined Indian companies across 13 industry sectors which experienced the loss or theft of protected personal data and the notification of breach victims as per law. The per capita cost of data breach increased significantly from Rs.3,704 in 2016 to Rs.4,210 per compromised record. The number of breached records per incident for Indian organizations surveyed in this year’s report ranged from 4,000 to 98,000 compromised records. The average number of breached records was 33,167 as per the study. Malicious or criminal attacks were the cause of data breach for 41% of companies surveyed. About 33% experienced a data breach as a result of system glitches and 26% breaches involved employee or contractor negligence (i.e. human factor).
Additional key findings and implications for organizations in India were:
· Malicious or criminal attacks are the costliest incidents: Data breaches caused by malicious or criminal attacks cost companies Rs.5,100 per compromised record. System glitches and negligence (i.e. human error) cost Rs.3,545 and Rs.3,651 per record, respectively.
· The more churn, the higher the cost of data breach: The highest cost as a result of customer churn was Rs.125.1 million for companies whose churn rate was between 3 and 4 per cent. The lowest was Rs.91.6 million for companies whose churn rate was less than 1 per cent.
· Certain industries are more vulnerable to churn: In this year’s study, financial, technology and services industries experienced a relatively high abnormal churn. In contrast, public sector (government) and retail companies experienced a relatively low abnormal churn.
· Detection and escalation costs increase: Such costs typically include forensic and investigative activities, assessment and audit services, crisis team management and communications to executive management and boards of directors. Average detection and escalation costs increased from Rs.32.4 million in 2016 to Rs.36.7 million in 2017.
· The time to identify and contain data breaches impact costs: In this year’s study, it took companies an average of 170 days to detect that an incident occurred and an average of 72 days to contain it. If the mean time to identify (MTTI) was less than 100 days, the average cost to identify was Rs.85.3 million. However, if the time to identify was greater than 100 days the cost rose significantly to Rs.134.6 million. If the mean time to contain (MTTC) the breach was less than 30 days, the average cost was Rs.96.3 million. If it took 30 days or longer, the cost rose significantly increased to Rs.123.6 million.
To reduce the risks and consequences of a data breach, companies should consider investing in an incident response plan, the extensive use of encryption and threat intelligence sharing. The most popular measures or steps taken after the data breach continue to be:
· Training and awareness programs (56%)
· Additional manual procedures and controls (55%)
· The expanded use of encryption (40%)
· Security intelligence systems (41%)
“The Cost of Data Breach study clearly outlines the rapidly changing threat scenario through a significant rise in both number and sophistication of breaches. With cloud services being the key for digital enterprise transformation, securing data on cloud is of top priority. Cloud Security and cognitive driven security services are going to be defining trends in the next years," said Kartik Shahani, Integrated Security Leader, India/South Asia at IBM. “Enterprises need to ensure that robust security practices are adopted, incident response plans are in place and regular security training given to all stakeholders of the company.”
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.