A study by Symantec and Ponemon institute on “Cost of Data Breach Study: Global Analysis-2013” has provided some interesting insights into the efficacy of information security and consequences of data breach. The study covers data breach incidents which occurred in 2012.
The study estimated that the global average cost of data breach is Rs 7360/- per compromised record. In India the estimated cost of data breach is Rs 2271/- per compromised record. This is an increase from Rs 2105/- in the previous year showing an annual increase of around 8%. The Indian study covered 28 companies in 11 industries. The size of data breach ranged between 4500 to more than 95000
For the purpose of the study, a “Record” is a unit of information that identifies an individual whose personal information has been compromised.
While system glitches was the primary root cause of data breach causing 46% of the breaches, 29% of the breaches were caused by employee negligence. 25% of the data breaches were caused by malicious attacks.
The criminal activities resulted in the highest per data breach cost at Rs 2470/- per record as against Rs 2150/- for losses arising out of system glitches and Rs 2294/- arising out of employee negligence.
Costs of data breach differed across industries with Financial industries recording a significantly higher per capita loss of Rs 4890/- per record. Loss at Technology companies was placed at Rs 3219/- per record.
Increase in the cost of Data breaches caused by sub contractors and business partners was estimated at Rs 307/- per record. At the same time if the organization had a formal incident response plan and a strong security posture with a CISO and external consultant, the data breach cost reduced by Rs 195/- per record. (8.6%).
It may be noted that the study does not cover “Catastrophic breaches” and hence data breaches of more than 100000 compromised records were not included in the study.
The study is a significant step towards understanding the real impact of Cyber crimes on the industry and should be an eye opener for the Cyber Crime Insurance industry.