A report commissioned by IBM from the Ponemon Institute on the average cost of data breaches, “Cost of Data Breach Study 2016”, shows that Brazil is among the most vulnerable countries in terms of information security. First on the list of 12 countries, Brazil is followed by South Africa, France, and India.
The study, which interviewed 33 Brazilian companies from 12 different sectors in a ten-month period, also points out that the average per capita cost of data breach in Brazil has grown significantly, from R$ 175.00 to R$ 225.00 from one year to the next. here. The loss of companies in the country went from R$ 3.96 million to R$ 4.31 million. The number of data stolen this year has risen from 3,900 to 85,400.
According to IBM, malicious attacks were the primary and most costly cause of data breaches. In the companies interviewed, it was found that 40% of the incidents involved a malicious or criminal attempt. Additionally, employees or organizations that neglect the security of their data accounted for 30% of all breaches, while the other 30% were caused by human error.
According to the leader of Security Services at IBM Brazil, André Pinheiro, this scenario shows that companies need to be even more aware of Information Security. “This research attests that being one step ahead of digital criminals is no longer just something desirable and becomes mandatory for the survival of organizations,” says Pinheiro.
The report also shows that post-data breach costs have also grown. For example, legal expenses for protection services, among others, increased from R$ 1.23 million in 2015 to R$1.32 million in 2016. Direct expenses for activities such as the involvement of forensic experts rose from R$ 103.00 to R$ 110.00 The indirect ones, which include time, effort and other organizational resources, went from R$ 43.00 to R$ 115.00 in 2016.
reducing risks
The main preventive measures implemented by companies after suffering from security breaches were: extensive use of encrypted data (47%), manual procedures and supplementary controls (46%), training and awareness programs (43%), security and strengthening of perimeter controls ( 40%). In the last four years, the use of encryption has increased by 22%. The strengthening of perimeter controls and the use of security intelligence systems grew by 21%.
According to Pinheiro, organizations need to invest in improving data protection practices. “Data is an organization's greatest asset. Knowing that we continue in an apparently uncontrollable growth of data loss and theft shows that they should dedicate more attention and investments to this area”, he explains.
In the global version of the study, a survey was carried out with more than two thousand companies from different industries. IBM has listed organizations' top seven points of attention or findings to defend against potential data breaches. Are they:
1. The cost of a data breach is permanent. Organizations need to get used to this expense and be prepared to create and implement their data protection strategies;
2. The biggest financial consequence for organizations that have experienced a data breach is lost business. Companies need to take action to retain consumer confidence and reduce the long-term financial impact;
3. Malicious attacks remain the problem. They still take a long time to repair and, as a result, have the highest cost per record;
4. The longer, the more expensive. Investments have been made in in-house technologies to reduce fraud detection and containment time;
5. Health and financial services are the biggest targets. More expensive data needs more protection;
6. Expansion of governance programs. Actions to train, raise awareness and manage employees and leaders;
7. Collaboration is the buzzword. The study revealed that there was a reduction in costs when companies shared information about attacks and deployment of technologies to prevent data loss.
To obtain the complete report with data from all countries and from Brazil, access: http://www.ibm.com/security/data-breach/.
EN 
PT 
