The value of data is appreciating, especially with organizations rapidly adopting new technologies to provide access to business information anywhere, at any time. This means threats to data or information translate into business risks to business. These risks, related to reputation, customer loyalty, finance and legal, are not only serious but also quantifiable. The first benchmark Cost of Data Breach Study in India, conducted by the Ponemon Institute on behalf of Symantec, revealed that the average organizational cost of a data breach in India is INR 53.4 million (53.4 crore), with malicious breaches by hackers or criminal insiders being the most expensive type at INR 4,224 for one compromised record.
The report further components of the total cost: detection, escalation and redressal formed a significant component, averaging INR 16.4 million (1.64 crore) and INR 20.9 million (2.09 crore) respectively. Victims lost INR 14.6 million (1.46 crore) on average in lost business costs, suggesting that customers abandon the organization after a breach and rebuilding loyalty or maintaining reputation can be expensive.
While instances of large-scale, sophisticated malicious attacks abound in the media, there is a silent, often overlooked danger: the threat from within. Criminal insiders contribute to the most expensive types of data breaches, with organizations incurring a cost of INR 4,224 for every compromised record. Three out of four victims of malicious attacks experienced such breaches and 50 per cent experienced theft of data-bearing devices. Besides these devices IP thieves use email, print materials, remote network access and file transfer to compromise information. The window of opportunity widens further with the twin strategic trends of cloud computing and mobility enabling anytime/anywhere access to information. The greater the motivation and capacity of the rogue employee, coupled with inadequate protective measures, the higher the likelihood of success.
To derive the greatest value from information and safeguard this key business asset, organizations need to use people, processes and technology, along with a holistic and information-centric approach to security. Equally important is that organizations put in place a strategic framework for security. The study reveals that organizations with a Chief Information Security Officer (CISO) and centralized management of data protection face 46 per cent lower costs due to data breaches than those organizations that didn’t have C-level involvement in managing security .
How are you protecting your information assets from getting compromised ?