Bengaluru, Karnataka, India - 20 Jun 2017: IBM Security has unveiled the results of a global study analyzing the financial impact of data breaches to a company’s bottom line. Sponsored by IBM and conducted by the Ponemon Institute, the study found that the average cost of a data breach for the Indian companies surveyed has grown from 97.3 million INR in 2016 to 110.0 million INR in 2017 in India. Globally, the average cost of a data breach in 2017 is $3.62 million, a 10% decline from 2016. European countries saw a 26% decrease from 2016, whereas US registered a 5% increase comparatively.
IBM and Ponemon Institute examined Indian companies across 13 industry sectors who experienced the loss or theft of protected personal data and the notification of breach victims as per law. The per capita cost of data breach increased significantly from 3,704 INR (Indian rupees) in 2016 to 4,210 INR per compromised record. The number of breached records per incident for Indian organizations surveyed in this year’s report ranged from 4,000 to 98,000 compromised records. The average number of breached records was 33,167 as per the study.
Malicious or criminal attacks were the cause of data breach for 41% of companies surveyed. About 33% experienced a data breach as a result of system glitches and 26% breaches involved employee or contractor negligence (i.e. human factor).
“The Cost of Data Breach study clearly outlines the rapidly changing threat scenario througha significant rise in both number and sophistication of breaches. With cloud services being the key for digital enterprise transformation, securing data on cloud is of top priority. Cloud Security and cognitive driven security services are going to be defining trends in the next years," said Kartik Shahani, Integrated Security Leader, India/South Asia at IBM. “Enterprises need to ensure that robust security practices are adopted, incident response plans are in place and regular security training given to all stakeholders of the company.”
Additional key findings and implications for organizations in India were:
Trends in practices to reduce the risk and consequence of a data breach
Companies reported higher costs to respond to and remediate a data breach. To reduce the risks and consequences of a data breach, companies should consider investing in an incident response plan, the extensive use of encryption and threat intelligence sharing.
The most popular measures or steps taken after the data breach continue to be: