Data breaches are increasing. Pick up any newspaper and, more often than not, there will be mention of a new data breach. Some are big and some are small, and most go undetected for long stretches of time. So what are the similarities between these data breaches? Beyond aspects such as brand reputation, customer churn and regulatory issues, there is a big financial impact as well. How much? What is the average cost of a data breach? What is the cost per record? Which industries are being impacted? How can this be reduced?

Cyberattacks in the Asia-Pacific region are rising at a particularly high rate. Is your defense in place? The Ponemon Institute’s “2016 Cost of Data Breach Study: Global Analysis,” which was sponsored by IBM, answers these questions and many more.

What Do the Numbers Say?

It is fascinating to see the findings of the global data breach report. Some key takeaways included:

  • Health care experienced the most expensive per-record cost of a data breach compared to other industries at $355 per record.
  • About 48 percent of data breaches were caused by malicious attacks from people both inside and outside of the organization.
  • Nearly 25 percent of breaches were associated with human error.
  • The single biggest factor in reducing the cost of a data breach was having an incident response team in place, which decreased the cost by nearly $400,000.


How Does the Asia-Pacific Market Look?

The above findings are based on data collected from organizations across the globe. We can zoom in a little more to see what the numbers look like in the Asia-Pacific region, specifically the two markets of Australia and India.

The report examined 63 organizations across 12 industries, focusing on the time after these companies experienced the loss or theft of protected personal data and had to notify victims and/or regulators as required by law. It is important to note that the costs presented in this research are from actual data loss incidents. They are based on estimates collected over a 10-month period.

Analyzing the costs with which these Asia-Pacific organizations were faced led to some interesting findings:

  • The cost of a data breach is steadily increasing. In India, the average total cost of a data breach increased from 88.5 million Indian rupees in 2015 to 97.3 million rupees in 2016, a 10 percent spike. Australia, however, bucked the trend, with the cost of a data breach falling marginally from $2.8 million in 2015 to $2.6 million in 2016.
  • Certain industries have higher breach costs. In India, financial institutions, services, and industrial and technology companies had a per-capita cost well above the mean. In comparison, the public sector and research institutions had a per-capita cost significantly below the mean.
  • Malicious or criminal attacks were the primary root causes of data breaches. More than 41 percent of companies experienced a data breach as the result of malicious or criminal attacks. A similar trend was seen in the Association of Southeast Asian Nations (ASEAN) and Korea. Meanwhile, in India, 35 percent of organizations experienced system glitches, compared to 27 percent in Australia. Twenty-four percent of incidents in India involved employee or contractor negligence (aka the human factor) compared to 27 percent in Australia.
  • Industries with higher breach costs are more vulnerable to churn. In 2016, financial services and technology companies experienced relatively high abnormal churn, and public sector and energy companies experienced a relatively low abnormal churn.

Additionally, based on the India and Australia data, detection and escalation costs increased significantly. Notification costs also increased along with post-breach expenditures. It also led to increased customer acquisition activities, reputation losses and diminished goodwill.

Can the Cost of a Data Breach Be Reduced?

There is a silver lining: Steps can be taken to reduce the cost of a data breach. Here are the top five factors that can help decrease the cost:

  • Having an incident response team;
  • Extensive use of encryption;
  • Participation in threat sharing;
  • Employee security awareness and training; and
  • Appointing a CISO.

Unfortunately, it’s not always possible for an organization to take these measures on its own because of issues related to people, or a lack of security-skilled personnel. There are also obstacles relating to process, such as having the right security policies in place, and to technology, such as having the right set of tools to do the job.

While you need to take the right steps to protect your organization from bad actors, you should not neglect the detection and response aspects either. Protection, detection and response are the three legs of the security tripod.

In most cases, having an external partner with expertise in security is recommended. Look for a partner that has received analyst recognition, with proven capability in the security space and a complete portfolio to address your security needs. Your partner should have trained and certified consultants who can help you. Additionally, a global presence is an added advantage, since you can benefit from the best practices adopted in different parts of the world.

As the cost of a data breach rises, so should your defense mechanisms. Download the full data breach report today and stay ahead of the curve.
