Light Dark
July 1, 2016 By Anish Srivastava 3 min read
Data Protection
CISO
Incident Response

Data breaches are increasing. Pick up any newspaper and, more often than not, there will be mention of a new data breach. Some are big and some are small, and most go undetected for long stretches of time. So what are the similarities between these data breaches? Other than the aspects such as brand reputation, customer churn and regulatory issues, there is a big financial impact as well. How much? What is the average cost of a data breach? What is the cost per record? Which industries are being impacted? How can this be reduced?

Cyberattacks in the Asia-Pacific region are rising at a particularly high rate. Is your defense in place? The Ponemon Institute’s “2016 Cost of Data Breach Study: Global Analysis,” which was sponsored by IBM, answers these questions and many more.

What Do the Numbers Say?

It is fascinating to see findings of the global data breach report. Some key takeaways included:

  • Health care experienced the most expensive per-record cost of a data breach compared to other industries at $355 per record.
  • About 48 percent of data breaches were caused by malicious attacks from people both inside and outside of the organization.
  • Nearly 25 percent of breaches were associated with human error.
  • The single biggest factor in reducing the cost of a data breach was having an incident response team in place, which decreased the cost by nearly $400,000.

Download the Ponemon Institute 2016 Global Cost of a Data Breach Study

How Does the Asia-Pacific Market Look?

The above findings are based on data collected from organizations across the globe. We can zoom in a little more to see what the numbers look like in the Asia-Pacific region, specifically the two markets of Australia and India.

The report examined 63 organizations across 12 industries, focusing on the time after these companies experienced the loss or theft of protected personal data and had to notify victims and/or regulators as required by law. It is important to note that the costs presented in this research are from actual data loss incidents. They are based on estimates collected over a 10-month period.

Analyzing the costs with which these Asia-Pacific organizations were faced led to some interesting findings:

  • The cost of a data breach is steadily increasing. In India, the average total cost of a data breach increased from 88.5 million Indian rupees in 2015 to 97.3 million rupees in 2016 — a 10 percent spike. Australia, however, bucked the trend, with the cost of data breach falling marginally from $2.8 million in 2015 to $2.6 million in 2016.
  • Certain industries have higher breach costs In India, financial institutions, services, and industrial and technology companies had a per-capita cost well above the mean. In comparison, the public sector and research institutions had a per-capita cost significantly below the mean.
  • Malicious or criminal attacks were the primary root causes of data breaches. More than 41 percent of companies experienced a data breach as the result of malicious or criminal attacks. A similar trend was seen in the Association of Southeast Asian Nations (ASEAN) and Korea. Meanwhile, in India, 35 percent of organizations experienced system glitches, compared to 27 percent in Australia. Twenty-four percent of incidents in India involved employee or contractor negligence (aka the human factor) compared to 27 percent in Australia.
  • Industries with higher breach costs are more vulnerable to churn. In 2016, financial services and technology companies experienced relatively high abnormal churn, and public sector and energy companies experienced a relatively low abnormal churn.

Additionally, based on the India and Australia data, detection and escalation costs increased significantly. Notification costs also increased along with post-breach expenditures. It also led to increased customer acquisition activities, reputation losses and diminished goodwill.

Can the Cost of a Data Breach Be Reduced?

There is a silver lining: Steps can be taken to reduce the cost of a data breach. Here are the top five factors that can help decrease the cost:

  • Having an incident response team;
  • Extensive use of encryption;
  • Participation in threat sharing;
  • Employee security awareness and training; and
  • Appointing a CISO.

Unfortunately, it’s not always possible for an organization to take these measures by themselves because of issues related to people or a lack of security-skilled personnel. There are also obstacles relating to the process, such as having the right security policies in place, and technology, or having the right set of tools to do the job.

While you need to take the right steps to protect your organization from bad actors, you should not miss out on the detection and response aspects as well. These are the three legs of the security tripod.

In most cases, having an external partner with expertise in security is recommended. Look for a partner that has received analyst recognition, with proven capability in the security space and a complete portfolio to address your security needs. Your partner should have trained and certified consultants who can help you. Additionally, having a global presence is an added advantage since you can benefit from the best practices adopted in a different part of world.

As the cost of data breach rises, so should your defense mechanisms. Download the full data breach report today and stay ahead of the curve.

 |  | 
Anish Srivastava
Partner, Asia Pacific IBM Security Services, IBM

More from Data Protection
March 27, 2024

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

March 12, 2024

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

March 5, 2024

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature