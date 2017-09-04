Shubham Raj

Moneycontrol News

Globally, companies are still losing a huge amount of money because of data breaches. According to a Cost of Data Breach Study conducted by Ponemon Institute, the participating 419 companies lost USD 3.63 million on an average in FY2017. This, however, is less than what companies lost during the last year as the cost decreased by 10 percent.

The per capita cost of data breaches was found to be the highest in the US (USD 225) and Canada (USD 190) owing largely to high detection, notification and post data breach response cost. On the other hand, companies in Brazil (USD 79) and India (USD 64) incur lowest per capita data breach cost. Per capita cost implies total cost divided by the total number of data breaches.

Indian companies lost Rs 110 million due to data breaches in 2016-17. Read the full report here

India also featured at the bottom for notification costs. Notification costs include the creation of contact databases, determination of all regulatory requirements, engagement of outside experts, postal expenditures, email bounce-backs and inbound communication setups.

Indian companies experienced the most number of breaches (average 33,167) during the year, almost double that of Australia. India (with South Africa) was also predicted as most likely to experience a material data breach (minimum of 1,000 lost or stolen records) over the next 24 months. Adding to the worries, Indian organisations were the most likely to experience a data breach due to a system glitch or business process failure.

Source: Statista

Almost half of the breaches were caused by hackers with malicious or criminal intent. One-fourth of the data breaches were a result of human errors. Rest were caused by system glitches. Not surprisingly, malicious attackers hurt the companies the most. The per capita cost of data breaches due to malicious or criminal attacks was pegged at USD 156, significantly higher than the per capita cost of breaches caused by system glitches and human factors (USD 128 and USD 126, respectively).

The data breach at Yahoo detected in 2016, compromised more than 1.5 billion records. Similarly, MySpace, eBay and LinkedIn have also suffered from massive data leaks. More often than not, these data breaches are uncovered when the information contained is put on sale on the dark net.

Source: Statista

The cost of data breaches is also dependent on the time taken to identify and contain the data breaches. For example, Yahoo’s data which was leaked contained information dating back to 2013. The study shows, if companies can identify the breach in less than 100 days, the cost would drop at least 26 percent. Similarly, if companies take less than 30 days to contain the breach, the cost would drop by one-fourth.

Japanese companies are most prone to loss of customers due to breaches, followed by Italy. Brazil and ASEAN countries are least affected in terms of loss of customers. Categorising by industry, financial organisations lose close to 6 percent of their customers due to data breaches, followed by health. On the other end, education sector loses less than one percent.

Interestingly, the study revealed that cloud services and mobile phones are not helping the companies either. "Disruptive technologies, access to cloud-based applications and data as well as the use of mobile devices (including BYOD and mobile apps) increase the complexity of dealing with IT security risks and data breaches....cloud migration at the time of the data breach and mobile platforms were shown to increase the cost," said the report.

The Ponemon Institute study was sponsored by IBM Security. The highest number of participating companies was from the US and the UK. Total 39 countries from India also took part in the study.