Cyber security. Remote work costs organisations heavily as data breaches shoot up

K V KurmanathK. V. Kurmanath Updated - December 06, 2021 at 04:51 AM.

Stolen credentials, exposure of customer data pose threat: IBM report

About 53 per cent of data breaches in organisations were caused by malicious attacks, according to the report

Remote work, which has become the buzzword during the pandemic, seems to have cost organisations worldwide heavily. They reported significant data breaches, costing them about ₹7 crore per breach on average and enormous time identifying the breaches and plugging them.

“With society leaning more heavily on digital interactions during the pandemic, companies embraced remote work and cloud as they shifted to accommodate this increasingly online world,” Prashant Bhatkal, Security Software Sales Leader, IBM Technology Sales, India and South Asia, has said.

Like in most cyberattacks, stolen credentials of the employees and customers continue to cause data breaches and resultant costs to contain them.

Talking on the highlights of IBM’s Cost of a Data Breach Report 2021, he said security preparedness might have lagged behind these rapid IT changes, hindering organisations’ ability to respond to data breaches.

About 20 per cent of organisations have reported that remote work was a factor in the data breach they experience.

“Remote work in itself is not a risk. Rather, the rapid shift to remote work had a tremendous impact on security programmes. Organisations were focused on getting online and security became an afterthought. This is why we’re seeing such a cost increase on those breaches associated with remote work,” he said.

The report is based on an analysis of real-world data breaches of one lakh records or less experienced by over 500 organisations globally between May 2020 and March 2021. In India, 48 organisations were studied.

He said the organisations that relied less on remote working took less time to identify and arrest the losses.

“The average mean time to identify a data breach increased from 230 to 239 days, and the average mean time to contain a data breach decreased from 83 to 81 days,” the report said.

The organisations with less than 50 per cent remote work adoption took 208 days as the average mean time to identify a data breach and 72 days as the average mean time to contain a data breach.

However, organisations with over 50 per cent remote work adoption took 271 days to identify a data breach and 83 days to contain a data breach.

Cost for data breaches

He put the country’s average total cost of the data breach at ₹16.5 crore, while the price of one lost or stolen record stands at ₹5,900.

“On an average 27,966 average records were breached during May 2020 and March 2021,” he said.

Those organisations in a mature stage of ‘zero trust deployment’ suffered ₹13.18 crore in costs in tackling the breaches, while those in the early stage of adoption had a higher cost of ₹19.87 crore in data breach costs.’

"The adoption of artificial intelligence, security analytics, and applying a zero-trust approach would help decrease the cost of data breaches,” he said.

Global scenario

The report said that globally data breaches now cost the companies (surveyed) about ₹30 crore per incident on average – the highest cost in the 17-year history of the report.

Stolen user credentials continue to be the most common root cause of breaches. Customer’s personal data (such as name, email, password) was the most common type of information exposed in data breaches – with 44% of breaches including this type of data.

“The combination of these factors could cause a spiral effect, with breaches of username and passwords, giving the attackers leverage for additional future data breaches,” the report said.

The loss of customer personal identifiable information (PII) was also the most expensive compared to other types of data ($180 per lost or stolen record vs $161 for overall per record average).

Published on July 28, 2021 04:34