The average cost of a data breach in the APAC region is $2.62 million, according to the IBM Ponemon “Cost of a Data Breach” report which was released on July 30, 2019.
In Japan and Korea, the average cost of a data breach is much higher, at $3.75 million and $3.30 million. It is somewhat lower in Australia, at $2.13 million, but much higher in the Middle East at $5.97 million. The highest cost in the world is in the US, at $8.19 million.
“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services. “With organisations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs.”
In the areas that a data breach hits hardest, the APAC region was among the worst sufferers in damages in the past year, according to the report. These areas are abnormal customer turnover (greater-than-expected loss of customers since the breach occurred), average size of a data breach (number of records lost or stolen), average total cost of a data breach and per record cost. Abnormal customer turnover after a breach was up 10 per cent in the region, and per-record cost also rose 10 per cent.
APAC region sees 22,500 records breached in an average attack
The APAC region saw an increase of 4.89 per cent year-on-year at a regional level, up from $2.53 million in 2018. In the region, 22,500 records are breached in an average attack – at a cost of $176 per lost record – with the time to identify and contain a breach standing at 190 days and containing the attack at 69 days. The industry with the highest average for cost per record is financial services.
Ponemon notes the specific threat, posed in the APAC region, of Denial of Service attacks – massive assaults on a website – and Web Application attacks – attacks on computer programs allowing website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Businesses surveyed by Ponemon and Akamai estimated that the total average cost of web application attacks in APAC over the past 12 months was $2.4 million per company, while the total average cost of DoS attacks was $1.1 million. The study found that companies spent an estimated $903,830 and $294,627 on web application attacks and DoS attacks respectively.
The danger of a data breach has increased by one-third in the past two years, the report warns.
Malicious attacks devastate with highest costs
The global average cost of a data breach is $3.92 million, up from 3.50 million in 2014.
Malicious Breaches are devastating, – the most common and the most expensive attacks. Over 50 per cent of data breaches in the study resulted from malicious cyberattacks and cost companies $4.45 million on average, $1 million more on average than those originating from accidental causes such as system glitch and human error. These breaches are a growing threat, as the percentage of malicious or criminal attacks as the root cause of data breaches in the report crept up from 42 per cent to 51 per cent over the past six years of the study (a 21 per cent increase).
Inadvertent breaches from human error and system glitches were still the cause for nearly half (49 per cent) of the data breaches in the report, costing companies $3.50 million and $3.24 million on average respectively. These breaches from human and machine error represent an opportunity for improvement, which can be addressed through security awareness training for staff, technology investments, and testing services to identify accidental breaches early on.
One particular area of concern is the misconfiguration of cloud servers, which contributed to the exposure of 990 million records in 2018, representing 43 per cent of all lost records for the year according to the IBM X-Force Threat Intelligence Index.
Long-term costs are significant
The study researched, for the first time in its history, the long-term costs of data breaches.
While an average of 67 per cent of data breach costs were realised within the first year after a breach, 22 per cent were added in the second year and another 11 per cent accumulated more than two years after a breach. Companies require vast efforts over a long period to recover from breaches, the study showed.
The long-term costs were higher in the second and third years for organisations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals.
Diligent Governance Cloud provides the highest grade of security
As the report shows, maintaining IT security is more difficult than ever. Boards are looking at cybersecurity with a new level of scrutiny and applying that scrutiny to their own operations. Are their agendas, minutes, reports and supporting documents safe against escalating online threats?
A world of governance and IT knowledge informs the security behind our Governance Cloud ecosystem, which includes Diligent Boards, Diligent Messenger, Diligent Evaluations, and Diligent Conflict-of-Interest module. Data is hosted on secure servers and a world-class infrastructure that Diligent owns and operates. As part of Governance Cloud, all Diligent solutions are ISO and TRUSTe-certified and internationally audited, with robust customisable encryption and data access. If a device is lost or compromised, our remote wiping capabilities allow you to swiftly mitigate risk.
Good governance isn’t just one thing – so why buy software that only manages your board documents? At Diligent, we empower leading organisations around the world to turn good governance into a competitive advantage for their business. In the ever-changing landscape of the world, governance hasn’t kept up with the fast pace of business. Quarterly board meetings, paper board books and not using secure communication tools for sensitive data have opened up numerous companies to risk.
Diligent Messenger is a tested means for calls and messaging, one that enjoys the highest grade of security.
And Diligent’s board assessment tool enables the CEO to share what he finds the board does well, and where they need improvement. And this can be done in complete confidence that the discussion will remain confidential.
With Diligent, boards can gain a competitive edge to improve governance by having the right information, analytics and insights to spot risks, act on opportunities and turn insights into action.
September 7, 2020
Avoiding Cyber Confusion in the Board Room
It is imperative that Directors understand the cyber risks facing their companies and organisations. The increasingly complex internal and external landscape presents unique challenges for Boards. Several key steps can however significantly increase the cyber resilience of any company or organisation, irrespective of size. The article outlines five key steps…
August 20, 2020
Minimising the Risk of Virtual Meetings: 5 Practices Boards Should Avoid
Months into the COVID-19 lockdown, remote workers—and board members—have become more accustomed to virtual meetings. They’ve found a quiet place in the house, mastered the mute and camera buttons, and fully styled their background bookcases and “Zoom couture.” Yet as virtual work becomes a way of life, not all adaptive…
January 30, 2020
Voice Assistants in the Boardroom: The Pro’s and Con’s
Australians are going crazy for voice assistants – they are selling faster there than in the US, according to Voicebot.ai, and 5.7 million Aussies already have them. They are becoming popular in New Zealand too, reportedly, although there has been some scarcity…