A Frost & Sullivan study commissioned by Microsoft reveals that a large-sized organization in India incurs an average of US$10.3 million of economic loss from cyberattacks whereas a mid-sized organization incurs an average of US$11K.
The study, titled “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World”, aims to provide business and IT decision makers with insights on the economic cost of cybersecurity breaches in the Asia-Pacific region identify the gaps in organizations’ cybersecurity strategies. The study involved a survey of 1,300 business and IT decision makers ranging from mid-sized organizations (250 to 499 employees) to large-sized organizations (>than 500 employees). The study reveals that more than three in five organizations (62%) surveyed in India have either experienced a cybersecurity incident(30%) or are not sure if they had one as they have not performed proper forensics or data breach assessment(32%).
“As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimize operations, they take on new risks,” said Keshav Dhakad, Group Head & Assistant General Counsel, Corporate, External & Legal Affairs (CELA), Microsoft India “With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as is evident from high-profile breaches this year.”
To calculate the cost of cybercrime, Frost & Sullivan has created an economic loss model based on macro-economic data and insights shared by the survey respondents. This model factors in three kinds of losses which could be incurred due to a cybersecurity breach, viz., direct (financial losses associated with the incident; indirect ( the opportunity cost to the organization such as customer churn due to reputation loss); and induced (impact on the broader ecosystem and economy, such as the decrease in consumer and enterprise spending).
The Study also examined the current cybersecurity strategy of organizations in India. It found that for organizations that have encountered cybersecurity incidents, remote code execution and data exfiltration are the biggest concerns as they have the highest impact with the slowest recovery time.
In conclusion, the report also recommends a set of best practices for organizations to improve their defense against cyber threats. This includes positioning cybersecurity as a digital transformation enabler; ongoing investment in strengthening security fundamentals; reducing the number of tools and complexity, and leveraging integrated best-of-suite tools; continuously assessing and reviewing compliance and leveraging AI and Automation to increase capabilities and capacity.