Data breaches are getting expensive for India, shows study

Electronic data breaches, such as the recent ATM hack that compromised more than 30 lakh debit cards, have become more costly in recent years, according to a recent study.

The per capita cost of a compromised record went up by more than 75% in the past five years. The cost, which was ₹ 2,106 in 2012, has increased to ₹ 3,704 this year, according to a Ponemon Institute-IBM report.

"What the numbers don't talk about is the intangible loss that comes with these leaks," says Vaidyanathan Iyer, Business Unit Executive at IBM in India.

In the wake of a data breach, a company often ends up losing its existing or potential customers.The cost of a data breach also includes costs associated with forensic and investigative activities, audit services, crisis management and technology upgrades.

The cost of any data breach or leak depends on the industry as well as the nature of the information compromised. For example, in the case of the Scorpene leaks, which resulted in the publication of details of the submarine in an Australian newspaper, the data breach carried a price for national security. The recent leak that made public 500 million Yahoo user accounts, on the other hand, threatened individual security and damaged the commercial interests of the company.

India had the highest percentage of data leaks due to a system glitch, according Ponemon's 2016 global analysis. Also, even though India's per capita cost of a data breach was the lowest, it had the highest number of records compromised.

"Although India has made substantive progress in terms of building its cyber security skill set in terms of legal and technical solutions, it must be borne in mind that we have a long way to go," says Rama Vedashree, CEO at Data Security Council of India (DSCI), which is currently working with the governments of Telangana and Andhra Pradesh to develop and implement cyber security policies.

Vedashree feels that while it is critical for India to collaborate with countries like Israel, US and Singapore to build its security infrastructure, achieving a certain degree of self-reliance is important as well. To that end, the IT Act in India was amended in 2008 to help stop cyber crime, and the National Cyber Security Policy was rolled out in 2013 by the Ministry of Electronics and IT. Reserve Bank of India, too, released a cyber security framework for the banking industry while Securities and Exchange Board of India continues to strengthen cyber security for the stock market.

Almost 90 percent of all data breaches had a financial or espionage motive, according to Verizon's 2016 Data Breach Investigations Report. As mobile banking and commerce become increasingly digitised, data breaches may become far more damaging in years to come.