‘India the most targeted country for data breaches’

The average cost incurred by Indian enterprises for a data breach has shot up to ₹9.73 crore this year from ₹8.85 crore last year, making India the most targeted country for data breaches in the world, says a study by IBM and the Ponemon Institute.

“If you go by the average number of records breached per country, the highest is India. In India, 31,225 records were breached in 2015 whereas 29,611 records got breached in the US. There was a 64 per cent increase in security incidents in India in 2015 compared to 2014, with incidents growing both in terms of volume and sophistication,” Vaidyanathan R Iyer, Business Unit Executive, IBM Security Solutions, told BusinessLine.

The number of breached records per incident this year in India ranged from 4,500 to 100,100 records. The study found that companies lose up to ₹3,704 per compromised record. Breaches in highly regulated industries were even more costly with financial institutions losing as much as ₹5,544 per record.

“There is a growing awareness around the importance of cybersecurity among Indian government organisations as well as enterprises. However, India’s high economic growth also makes it a big target for attacks,” Iyer said.

Iyer said the growth of cybersecurity insurance policies taken by enterprises in India highlights how they are trying everything to safeguard themselves from the impact of cyber attacks.

“Indian organisations are also not as well-equipped as maybe US companies, making them the most likely to experience a data breach caused by a system glitch or business process failure,” Iyer said.

Incident-response teams can expedite and streamline the process of responding to a breach, as they’re expert on what companies need to do once they realise they’ve been compromised. These teams address all aspects of the security operations and response lifecycle, from helping resolve the incident, to satisfying key industry concerns and regulatory mandates. Additionally, incident response technologies can automate this process to further speed up efficiency and response time.

The study also found the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. While breaches that were identified in less than 100 days cost companies an average of ₹8.94 crore, for breaches that were found after the 100-day mark the average cost rose significantly, to ₹10.56 crore.

The most difficult incident to detect and contain is the malicious or criminal act (97 and 203 days), while data breaches caused by human error take the least time to identify and contain (69 and 139 days), the report said.

The ‘Cost of a Data Breach’ study annually examines both direct and indirect costs to companies in dealing with a single data breach incident. Through in-depth interviews with nearly 37 companies across the country, the study factors in costs associated with breach response activities, as well as reputational damage and the cost of lost business.