Data breaches are increasing. Pick up any newspaper and, more often than not, there will be mention of a new data breach. Some are big and some are small, and most go undetected for long stretches of time. So what do these data breaches have in common? Beyond aspects such as brand reputation, customer churn and regulatory issues, there is a big financial impact as well. How much? What is the average cost of a data breach? What is the cost per record? Which industries are being impacted? How can this be reduced?

Cyberattacks in the Asia-Pacific region are rising at a particularly high rate. Is your defense in place? The Ponemon Institute’s “2016 Cost of Data Breach Study: Global Analysis,” which was sponsored by IBM, answers these questions and many more.

What Do the Numbers Say?

It is fascinating to see findings of the global data breach report. Some key takeaways included:

  • Health care experienced the most expensive per-record cost of a data breach compared to other industries at $355 per record.
  • About 48 percent of data breaches were caused by malicious attacks from people both inside and outside of the organization.
  • Nearly 25 percent of breaches were associated with human error.
  • The single biggest factor in reducing the cost of a data breach was having an incident response team in place, which decreased the cost by nearly $400,000.


How Does the Asia-Pacific Market Look?

The above findings are based on data collected from organizations across the globe. We can zoom in a little more to see what the numbers look like in the Asia-Pacific region, specifically the two markets of Australia and India.

The report examined 63 organizations across 12 industries, focusing on the time after these companies experienced the loss or theft of protected personal data and had to notify victims and/or regulators as required by law. It is important to note that the costs presented in this research are from actual data loss incidents. They are based on estimates collected over a 10-month period.

Analyzing the costs with which these Asia-Pacific organizations were faced led to some interesting findings:

  • The cost of a data breach is steadily increasing. In India, the average total cost of a data breach increased from 88.5 million Indian rupees in 2015 to 97.3 million rupees in 2016 — a 10 percent spike. Australia, however, bucked the trend, with the cost of a data breach falling marginally from $2.8 million in 2015 to $2.6 million in 2016.
  • Certain industries have higher breach costs. In India, financial institutions, services, and industrial and technology companies had a per-capita cost well above the mean. In comparison, the public sector and research institutions had a per-capita cost significantly below the mean.
  • Malicious or criminal attacks were the primary root causes of data breaches. More than 41 percent of companies experienced a data breach as the result of malicious or criminal attacks. A similar trend was seen in the Association of Southeast Asian Nations (ASEAN) and Korea. Meanwhile, in India, 35 percent of organizations experienced system glitches, compared to 27 percent in Australia. Twenty-four percent of incidents in India involved employee or contractor negligence (aka the human factor) compared to 27 percent in Australia.
  • Industries with higher breach costs are more vulnerable to churn. In 2016, financial services and technology companies experienced relatively high abnormal churn, and public sector and energy companies experienced a relatively low abnormal churn.

Additionally, based on the India and Australia data, detection and escalation costs increased significantly. Notification costs also increased, along with post-breach expenditures. Breaches also led to increased customer acquisition activities, reputation losses and diminished goodwill.

Can the Cost of a Data Breach Be Reduced?

There is a silver lining: Steps can be taken to reduce the cost of a data breach. Here are the top five factors that can help decrease the cost:

  • Having an incident response team;
  • Extensive use of encryption;
  • Participation in threat sharing;
  • Employee security awareness and training; and
  • Appointing a CISO.

Unfortunately, it’s not always possible for an organization to take these measures by itself because of issues related to people, such as a lack of security-skilled personnel. There are also obstacles relating to process, such as having the right security policies in place, and to technology, such as having the right set of tools to do the job.

While you need to take the right steps to protect your organization from bad actors, you should not neglect detection and response. Protection, detection and response are the three legs of the security tripod.

In most cases, having an external partner with expertise in security is recommended. Look for a partner that has received analyst recognition, with proven capability in the security space and a complete portfolio to address your security needs. Your partner should have trained and certified consultants who can help you. Additionally, a global presence is an added advantage, since you can benefit from the best practices adopted in different parts of the world.

As the cost of a data breach rises, so should your defense mechanisms. Download the full data breach report today and stay ahead of the curve.
