Data breaches cost companies $4.24 million per incident on average, said an IBM global study on Wednesday, marking the highest such expense in the 17-year history of the report.
For India, the average total cost of a data breach was Rs 165 million in 2021, an increase of 17.85 per cent from last year. The findings were part of the annual Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analyzed by IBM Security.
Based on an analysis of data breaches experienced by over 500 organizations, the study said security incidents are becoming harder to contain due to drastic operational shifts during the pandemic. It said costs due to security breaches increased 10 per cent compared to 2020.
“The rapid shift to remote work witnessed a tremendous disruption of security programs. Organizations were focused on getting online and security became an afterthought. India witnessed a record high in data breach during the Pandemic leading to many organizations evaluating their security posture,” said Prashant Bhatkal, Security Software Sales Leader, IBM Technology Sales, India/South Asia.
The study identified the following trends among organisations:
Remote work impact: The rapid shift to remote operations during the pandemic appears to have led to more expensive data breaches. Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 million vs. $3.89 million).
Healthcare breach costs: Industries that faced huge operational changes during the pandemic (healthcare, retail, hospitality, and consumer manufacturing/distribution) experienced a substantial increase in data breach costs year over year. Healthcare breaches cost the most by far, at $9.23 million per incident: a $2 million increase over the previous year.
Compromised credentials: Stolen user credentials were the most common root cause of breaches in the study. Customer personal data (such as name, email, password) was the most common type of information exposed in data breaches – with 44% of breaches including this type of data.
AI helps: The adoption of artificial intelligence (AI), security analytics, and encryption were the top three mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those who did not have significant usage of these tools. For cloud-based data breaches studied, organizations that had implemented a hybrid cloud approach had lower data breach costs ($3.61m) than those who had a primarily public cloud ($4.80m) or primarily private cloud approach ($4.55m).
“Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic,” said Chris McCurdy, Vice President and General Manager, IBM Security. “While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero-trust approach – which may pay off in reducing the cost of these incidents further down the line.”
Remote work, shift to cloud: The report found that factors such as remote working had a significant impact on data breach response. Nearly 20% of organizations studied reported that remote work was a factor in the data breach, and these breaches ended up costing companies $4.96 million (nearly 15% more than the average breach).
Companies that experienced a breach during a cloud migration project had an 18.8% higher cost than average. However, the study also found that those who were further along in their overall cloud modernization strategy (“mature” stage) were able to detect and respond to incidents more effectively – 77 days faster on average than those who were in early-stage adoption.
Personal data exposed: Nearly half (44%) of the breaches analyzed exposed customer personal data, such as name, email, password, or even healthcare data – representing the most common type of breached record in the report.
Customer information: The loss of customers' personally identifiable information (PII) was also the most expensive compared to other types of data ($180 per lost or stolen record vs. $161 for the overall per-record average).
Investments in incident response teams and plans also reduced data breach costs amongst those studied. Companies with an incident response team that also tested their incident response plan had an average breach cost of $3.25 million, while those that had neither in place experienced an average cost of $5.71 million (representing a 54.9% difference).