Single data breach costs nearly Rs 12 crore in India: IBM study

Bengaluru: The estimated average cost of a data breach in India went up to Rs 11.9 crore in 2017 — a nearly eight per cent increase from 2016, an IBM study revealed on Wednesday.

Malicious or criminal attacks were the root cause for 42 per cent of data breaches, according to the 2018 edition of the “Cost of a Data Breach” study conducted by US-based Ponemon Institute on behalf of IBM Security.

An estimated per capita cost per lost or stolen records reported last year was Rs 4,552 — a 7.8 per cent increase from the previous report.

“The threat scenario shows a significant rise in both number and sophistication of breaches in this year’s report, which is alarming as it continues to rise in India,” Vikas Arora, Chief Transformation Officer, IBM India/South Asia, said in a statement.

Based on in-depth interviews with nearly 500 companies globally that experienced a data breach, the study analysed hundreds of cost factors surrounding a breach, from technical investigations and recovery, to notifications, legal and regulatory activities, and cost of lost business and reputation.

The global average cost of a data breach is up 6.4 per cent over the previous year to $3.86 million, the report said.

The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 per cent year over year to $148, the findings showed.

Overall, the study found that hidden costs in data breaches — such as lost business, negative impact on reputation and employee time spent on recovery — are difficult and expensive to manage.

For example, the study found that one-third of the cost of “mega breaches” — involving over one million lost records — were derived from lost business.

In the past five years, the amount of mega breaches has nearly doubled, from just nine mega breaches in 2013 to 16 mega breaches in 2017.

The study also calculated the costs associated mega breaches ranging from one million to 50 million records lost, projecting that these breaches cost companies between $40 million and $350 million, respectively.

For mega breaches, the biggest expense category was costs associated with lost business, which were estimated at nearly $118 million for breaches of 50 million records — almost a third of the total cost of a breach this size.

The findings showed that data breaches are most costly in the US and the Middle East, and least costly in Brazil and India.