Hidden costs of data breaches increase expenses for Indian businesses: IBM study
Average cost of data breach in India saw a 7.9% rise to ₹11.9 crore in 2017-18, says a study by IBM Security
The average cost of data breach in India saw a 7.9% rise to ₹11.9 crore in 2017-18, while the average per-capita cost per lost or stolen record rose 7.8% to ₹4,552, showed an IBM Security report released on Wednesday. The global study examines the financial impact of a data breach on a company’s bottom line.
According to the findings, malicious or criminal attacks were the root cause for 42% of data breaches in India, followed by glitches in the system at 30% and human error at 28%. The mean time to identify a data breach increased from 170 to 188 days. While malicious or criminal attacks took 219 days on an average to be identified, system glitches took 175 days and human errors 155 days.
According to the report, the mean time to contain a data breach increased from 72 to 78 days—malicious or criminal attacks took 99 days followed by system glitches and human errors taking 65 days and 60 days, respectively.
The study found that the overall hidden costs, such as lost business, negative impact on reputation, and employee time spent on recovery, were huge and difficult to manage.
Calculating cost of a mega breach
In the past five years, the amount of mega breaches (loss of over 1 million records) has nearly doubled, from just nine in 2013 to 16 in 2017. In terms of cost, the average cost of a data breach of 1 million compromised records is nearly $40 million. At 50 million records, the estimated cost of a breach is $350 million. The vast majority of these breaches (10 out of 11) stemmed from malicious and criminal attacks.
For mega breaches, the biggest expense category was costs associated with lost business, which was estimated at nearly $118 million for breaches of 50 million records.
The report also examined the effect of security automation tools, which use artificial intelligence, machine learning and analytics to augment or replace human intervention in the identification and containment of a breach. It said organisations, which had extensively deployed automated security technologies, saved a lot of money. “The threat scenario shows a significant rise in both the number and sophistication of breaches in this year’s report, which is alarming as it continues to rise in India,” said Vikas Arora, chief transformation officer, IBM India and South Asia.