Security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic with the cost of data breaches to Indian organisations rising close to 18 per cent to Rs 16.5 crore on an average between May 2020 and March 2021, according to a report by IBM.
The study pointed towards similar trends in other parts of the world with data breaches costing surveyed companies $4.24 million per incident on an average – the highest in the report's 17-year history.
"Based on in-depth analysis of real-world data breaches experienced by over 500 organisations, the study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10 per cent compared to the prior year," it added.
The India data showed that Rs 16.5 million was the average total cost of data breach in the 2021 study (May 2020 to March 2021). Last year's edition of the report had said data breaches cost organisations in India about Rs 14 crore on an average between August 2019 and April 2020.
The 2021 Cost of a Data Breach Report from IBM Security and Ponemon Institute is based on an in-depth analysis of real-world data breaches of 100,000 records or less, experienced by over 500 organisations globally.
The report takes into account hundreds of cost factors involved in data breach incidents, from legal, regulatory, and technical activities to loss of brand equity, customers, and employee productivity.
As per the India insights, Rs 5,900 was the cost per lost or stolen record in the 2021 study, an increase of 6.85 per cent from 2020.
The top three primary initial attack vectors for data breaches included phishing, malicious insider, and physical security compromise.
The average mean time to identify a data breach increased from 230 to 239 days, and the average mean time to contain a data breach decreased from 83 to 81 days, it said.
Interestingly, organisations with less than 50 per cent remote work adoption took 208 days as the average mean time to identify a data breach and 72 days as the average mean time to contain a data breach, while those with over 50 per cent remote work adoption took 271 days as the average mean time to identify a data breach and 83 days as the average mean time to contain a data breach.
"The rapid shift to remote work witnessed a tremendous disruption of security programmes.
"Organisations were focused on getting online and security became an afterthought.
"India witnessed a record high in a data breach during the pandemic, leading to many organisations evaluating their security posture," Prashant Bhatkal, Security Software Sales Leader at IBM Technology Sales, India/South Asia, said.
He added that it is important to learn from these findings every year and adopt an open approach required to address the fragmentation and complexity challenges facing security teams now, coupled with embracing a zero-trust strategy.
"Further, it is evident that with modernisation including the adoption of AI, security analytics, and applying a zero-trust approach, significantly decreased costs associated with data breaches.
"What's important is to learn and apply measures that saved organisations the most money when a breach occurred –including applying zero trusts, automation, hybrid cloud, and encryption," he said.