Data breaches cost Indian firms Rs 12.8 crore: Report

New Delhi: Data breaches cost organisations in India about Rs 12.8 crore on average between July 2018 and April this year, according to a report sponsored by tech giant IBM.

The global average total cost of data breach was $3.92 million (about Rs 27.03 crore) with the average size of the breach being 25,575 records.

In India, the per capita cost per lost or stolen record was at Rs 5,019, compared $150 per record globally. On an average, 35,636 records were compromised in a data breach in India that ranked 15th in terms of total cost of breach.

The findings are part of the 2019 Cost of a Data Breach Report, conducted by the Ponemon Institute, and sponsored by IBM Security.

For the report, the Ponemon Institute interviewed over 500 organisations that have experienced a breach between July 2018 and April.

The analysis takes into account cost factors from legal an regulatory activities to loss of brand equity, customer turnover and the drain on employee productivity.

The report said major causes of data breaches in India comprised malicious or criminal attacks (51 per cent), system glitch (27 per cent) and human error (22 per cent).

The mean time to identify the data breach has also increased to 221 days from 188 days, while the mean time to contain such breaches has decreased to 77 days from 78 days.

According to the report, data breaches in the US are vastly more expensive – costing $8.19 million (about Rs 56.46 crore), or more than double the average for worldwide companies in the study. Costs for data breaches in the US increased by 130 per cent over the past 14 years of the study, up from $3.54 million in the 2006 study.

Malicious data breaches cost companies in the study $4.45 million on average. This is over $1 million more than those originating from accidental causes such as system glitch and human error, the report said.

Inadvertent breaches from human error and system glitches still accounted for nearly half of the data breaches in the report, costing companies $3.5 million and $3.24 million, respectively.

Also, for the ninth year in a row, health-care organisations had the highest cost of a breach – nearly $6.5 million on average (over 60 per cent more than other industries in the study).

The report found that the effects of a data breach are felt for years. While an average of 67 per cent of data breach costs were realised within the first year after a breach, 22 per cent accrued in the second year and another 11 per cent accumulated more than two years after a breach.

The longtail costs were higher in the second and third years for organisations in highly-regulated environments, such as health care, financial services, energy and pharmaceuticals, it added.

“Cybercrime represents big money for cyber criminals, and unfortunately that equates to significant losses for businesses,” global lead for IBM X-Force Incident Response and Intelligence Services, Wendi Whitmore, said.

“With organisations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line – and focus on how they can reduce these costs,” Whitmore said.

“India is witnessing a significant change in the nature of cyber crimes, it is now extremely organised and collaborative. The cost of data breach continues to grow,” Security Software Leader-India/South Asia, IBM, Vaidyanathan Iyer, said.