BANGALORE, INDIA: Symantec Corp. announced the results of the first annual Cost of a Data Breach Study among Indian organizations. The benchmark study, conducted by Ponemon Institute in partnership with Symantec, found data breaches have serious, quantifiable consequences. The average total cost of a breach to an organization was Rs. 53.5 million (5.35 crore), with malicious breaches by hackers or criminal insiders being the most expensive type at INR 4,224 for one compromised record.
“The value of data has never been greater, especially with organizations rapidly adopting new technologies to provide access to business information anywhere, at any time,” Anand Naik, managing director - sales, India and SAARC, Symantec. “On the other hand, the economic impact of a data breach is immense and necessitates C-level involvement, and adequate information protection policies and practices.”
Data breaches have quantifiable direct and indirect consequences
The study revealed that on average, it costs Indian organizations Rs. 2,105 for each lost or stolen record, with the average total organizational cost of a data breach being Rs. 53.5 million (5.35 crore). Costs incurred in notifying customers or the victims were the smallest component – Rs. 1.56 million (15.6 lakh) on an average.
In addition, costs incurred by victims to detect and escalate, and redress the data breach formed a significant component of the total average cost, averaging Rs. 16.4 million (1.64 crore) and Rs. 20.9 million (2.09 crore) respectively. Victims lost Rs. 14.6 million (1.46 crore) on average in lost business costs, suggesting that customers abandon the organization after a breach and rebuilding loyalty or maintaining reputation can be expensive.
Malicious/criminal attacks cause most expensive breaches
Over a third of victims (35 percent) experienced data breaches due to negligent insiders whose carelessness causes breaches. However, a smaller percentage (20 percent) experienced the most expensive cause of a data breach - hacking or malicious insider breaches, with organizations incurring a cost of Rs. 4,224 for every compromised record. Victims of malicious attacks experienced criminal insider breaches (75 percent) and theft of data bearing devices (50 percent).
Information protection best practices can reduce costs
Twenty-five percent of participating organizations have centralized the management of data protection with the appointment of a C-level security professional. The study found that organizations with a c-level security professional had an average per capita cost 46 percent less than organizations that do not have a c-level security professional.
The following best practices can help organizations better protect their confidential information and prevent data breaches:
* Assess risks by identifying and classifying confidential information.
* Adopt a strategic approach by deploying technologies such as data loss prevention technologies which enable policy compliance and enforcement.
* Implement two factor authentication.
* Proactively encrypt laptops to minimize consequences of a lost device.
* Educate employees on information protection policies and procedures, then hold them accountable.
* Implement an integrated security solution that includes reputation-based security, proactive threat protection, firewall and intrusion prevention in order to keep malware off endpoints.
* Integrate information protection practices into businesses processes.