PUNE: Symantec and Ponemon Institute recently released the 2013 'Cost of Data Breach Study: Global Analysis' report that reveals human errors and system problems caused two-thirds of global data breaches and three-fourths of data breaches in India in 2012, pushing the global average to Rs 7,360 per record.
Issues included employee mishandling of confidential data, lack of system controls, and violations of industry and government regulations. Heavily regulated fields including healthcare, finance and pharmaceutical incurred breach costs 70% higher than other industries. Following the global pattern, the cost per record for Indian organizations increased over the previous year, with Indian organizations incurring Rs 2,271 per compromised record in 2012.
However, organizations that had appointed a chief information security officer (CISO) with enterprise-wide responsibilities, had comprehensive incident response plans, and ran stronger overall security programmes experienced reduced costs globally and in India.
"While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious," said Larry Ponemon, chairman, Ponemon Institute. "Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22% since the first survey."
"Given organizations with strong security postures and incident response plans experienced breach costs 20% less than others globally, the importance of a well-coordinated, holistic approach is clear," said Anand Naik, managing director - sales, India and Saarc, Symantec. "Companies must protect their customers' sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data centre," he said.
The study said that human errors and system problems account for 64% of data breaches and 74% of breaches in India, while prior research shows that 62% of employees think it is acceptable to transfer corporate data outside the company and the majority never the data, leaving it vulnerable to data leaks.
This illustrates the large extent to which insiders contribute to data breaches and how costly that loss can be to organizations, said a press release issued on the study. "Brazilian companies were most likely to experience breaches caused by human error. Companies in India were the most likely to experience a data breach caused by a system glitch or business process failure. System glitches include application failures, inadvertent data dumps, logic errors in data transfer, identity or authentication failures (wrongful access), data recovery failures, and more," the release said.
It added that the average cost per data breach varied widely worldwide. Many of these differences are due to the types of threats that organizations face, as well as the data protection laws in the respective countries. Some countries, such as Germany, Australia, the United Kingdom and the United States, have more established consumer protection laws and regulations to strengthen data privacy and cybersecurity.
"United States and Germany continue to incur the most costly data breaches (at an average cost per compromised record of Rs 10,174 and Rs 10,769 respectively). These two countries also had the highest total cost per data breach (United States at Rs 292.2 million and Germany at Rs 259.7 million). In India, the total average organizational cost of a breach increased to Rs 60.4 million in 2012," the release said.
The eighth annual global report is based on the actual data breach experiences of 277 companies in nine countries including the United States, United Kingdom, France, Germany, Italy, India, Japan, Australia, and Brazil. of the data breach incidents studied in the reports occurred in the 2012 calendar year.
In order to properly track trend data, the Ponemon Institute does not include "mega data breaches" of more than 1,00,000 compromised records. Companies can analyze their own risk by visiting Symantec's Data Breach Risk Calculator which takes the organization's size, industry, location and security practices into consideration for both a per record and an organizational estimate.