Response to cybercrime a major challenge for businesses: IBM study

Indian firms are at risk too, recording a 12.3-percent increase in the total cost of data breach in 2017. Financial services and technology companies are more susceptible.

While cybercrime is on the rise, response to it is inadequate still.

More than three-fourths of business organisations world over do not know how to tackle cybersecurity issues, revealed a study conducted by leading IT security research firm Ponemon Institute, in association with IBM. Additionally, 69 percent of businesses accepted that they lacked appropriate funds to ensure cyber resiliency.

The study, titled 2017 Cost of Data Breach, found that 77 percent lacked a formal cybersecurity incident response plan (CSIRP) applied consistently across their organisations. Nearly half of the 2,800 respondents reported that their incident response plan was either informal/ad hoc or entirely non-existent. This, despite their admission that cyber attacks now are more “severe” than ever before.

Sometimes, organisations take long to respond to a data breach in spite of having a CSIRP. The study states that the cost of a data breach was nearly $1 million lower on an average “when organisations were able to contain the breach in less than thirty days.”

But, why do organisations lack cyber resilience in a technologically advanced world?

Ted Julian, Vice President of Product Management and Co-Founder, IBM Resilient (an IBM company) said:

“Sixty percent of respondents consider a lack of investment in Artificial Intelligence (AI) and Machine Learning (ML) as the biggest barrier to cyber resilience. A response plan that orchestrates human intelligence with machine intelligence is the only way security teams are going to get ahead of the threat and improve overall cyber resilience.”

Other problems include the lack of annual budgets and the high attrition rate of IT and security professionals. Moreover, with cyber attacks becoming more complex by the day, the time taken to resolve them is longer too.

A separate study by security software provider McAfee and the Center for Strategic and International Studies (CSIS) had recently revealed that cybercrime has taken a $600-billion toll on the global economy, and cost 0.8 percent of the world’s GDP. It will only get worse with “cybercrime-as-a-service” becoming more sophisticated, and flourishing across markets like North Korea, Russia, Iran, and China.

Cost of data breach — India

Indian firms recorded a 12.3-percent increase in the total cost of data breach in 2017. The average total increased from Rs 97.3 million in 2016 to Rs 110 million in 2017. The cost of per stolen record now stands at Rs 4,210 compared to Rs 3,704 earlier.

IBM and Ponemon Institute surveyed 39 Indian companies across 13 industry sectors for the 2017 edition of the report. “The number of breached records per incident this year ranged from 4,000 compromised records to 98,000 compromised records. The average number of breached records was 33,167,” the report stated.

Certain industries reported higher data breach costs. Services, financial, industrial and technology companies had “a per capita cost well above the mean of Rs 4,210” while PSUs, research and transportation companies had “a per capita cost well below the mean”. However, most organisations lost customers as a result of their data breaches.

Larry Ponemon, Chairman & Founder of Ponemon Institute, said: “A sharp focus in a few crucial areas can make a big difference when it comes to cyber resilience. Ensuring the security function is equipped with a proper incident response plan, staffing, and budget will lead to a stronger security posture and better overall cyber resilience.”