Data breaches are costing India firms dearly: the average total cost of data breach increased to Rs. 97.3M in 2016 from Rs. 88.5M, revealed a report sponsored by IBM and conducted by the Ponemon Institute.
As threats grow in both volume and sophistication, the cost to companies continues to rise. In 2015 64% more security incidents were compared to 2014.
The study further reveals that companies lose up to Rs. 3,704 per compromised record, while in highly regulated industries the breaches were even more costly: breaches in financial institutions had a per capita cost of Rs. 5,544 which is well above the mean of Rs. 3,700.
Slow Response and Lack of Planning Cost Companies Greatly
While data breaches due to third party errors or extensive migration to the cloud increase the per capita cost, according to the study, leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach – from INR 3,704 to INR 2,498 on average. In contrast, third party involvement in the cause of the data breach increased the average cost to as much as INR 4,622.
Each one of these steps takes countless hours of commitment from staff members, taking time away from their normal responsibilities and wasting valuable human resources to the business.
Incident response teams can expedite and streamline the process of responding to a breach, as they’re experts on what companies need to do once they realize they’ve been compromised. These teams address all aspects of the security operations and response lifecycle, from helping resolve the incident, to satisfying key industry concerns and regulatory mandates. Additionally, incident response technologies can automate this process to further speed efficiency and response time.
The study also found the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. While breaches that were identified in less than 100 days cost companies an average of INR 89.4 million, breaches that were found after the 100 day mark the average cost rose significantly to INR 105.6 million.
The most difficult incident to detect and contain is the malicious or criminal act (97 and 203 days), while data breaches caused by human error take the least time to identify and contain (69 and 139 days).
Analyzing the Cost of a Data Breach
The annual Cost of a Data Breach study examines both direct and indirect costs to companies in dealing with a single data breach incident. Through in depth interviews with nearly 37 companies across the country, the study factors in costs associated with breach response activities, as well as reputational damage and the cost of lost business.