IBM's annual study in partnership with the Ponemon Institute, “Data Breach Costs 2017”, shows that there has been a historic increase in the number of incidents caused and the costs generated with data breaches in Brazil. The total amount disbursed to repair the invasions was R$ 4.72 million. In 2016, the amount was R$ 4.31 million. For this survey, the company had the participation of 166 organizations from 12 different segments and was based on the costs of 36 companies.
According to the survey, malicious attacks are still the main cause of data breaches, accounting for 44% of the cases analyzed, followed by human failures, which include inattentive or negligent employees, which caused 31% of the cases, and system failures, which represented 25% of the total. The study points out that the most affected companies were those focused on the service, finance and technology industries, which recorded a per capita cost above R$ 246.00 for data repair.
The greater the number of records stolen, the higher the cost of the data breach. “To give you an idea, companies that had leaks involving less than 10,000 records had an average cost of R$2.07 million, while those that had 50,000 compromised occurrences recorded a value of R$6.73 million”, explains the Security Leader at IBM Brazil, João Rocha.
According to the executive, the problem is the loss that goes beyond the financial issue. “When the reputation of companies is compromised, public retraction is often necessary and, in some cases, it is necessary to hire a digital law consultancy to ensure that the data is properly recovered”, he says. The survey shows that the average cost of the damage that companies suffered from the issue of reputation reached R$1.92 million.
time is everything
One of the factors that defines the value of repairing breaches is the time it takes to identify the intrusion, as the faster malware is detected and contained, the less cost companies will incur. In this study, the average time it took companies to identify an intrusion was 250 days and about 105 days to contain the data leak, after its identification. If the identification time was less than 100 days, the average cost to recognize a breach would be R$4.13 million. However, if it exceeds that time, the value would rise to R$5.30 million.
How to prevent data breaches?
The study points out that investments in data protection practices are very important to reverse situations like this. Rocha adds that it is necessary to have an incident response plan, extensive use of encryption, employee training and threat intelligence sharing to reduce the per capita costs of these leaks. “Since 2013, we have been following a chart of good practices that companies must implement. Encryption, for example, which represented only 23% of security controls, now represents 53% of prevention measures”, he concludes.
According to the survey, malicious attacks are still the main cause of data breaches, accounting for 44% of the cases analyzed, followed by human failures, which include inattentive or negligent employees, which caused 31% of the cases, and system failures, which represented 25% of the total. The study points out that the most affected companies were those focused on the service, finance and technology industries, which recorded a per capita cost above R$ 246.00 for data repair.
The greater the number of records stolen, the higher the cost of the data breach. “To give you an idea, companies that had leaks involving less than 10,000 records had an average cost of R$2.07 million, while those that had 50,000 compromised occurrences recorded a value of R$6.73 million”, explains the Security Leader at IBM Brazil, João Rocha.
According to the executive, the problem is the loss that goes beyond the financial issue. “When the reputation of companies is compromised, public retraction is often necessary and, in some cases, it is necessary to hire a digital law consultancy to ensure that the data is properly recovered”, he says. The survey shows that the average cost of the damage that companies suffered from the issue of reputation reached R$1.92 million.
time is everything
One of the factors that defines the value of repairing breaches is the time it takes to identify the intrusion, as the faster malware is detected and contained, the less cost companies will incur. In this study, the average time it took companies to identify an intrusion was 250 days and about 105 days to contain the data leak, after its identification. If the identification time was less than 100 days, the average cost to recognize a breach would be R$4.13 million. However, if it exceeds that time, the value would rise to R$5.30 million.
How to prevent data breaches?
The study points out that investments in data protection practices are very important to reverse situations like this. Rocha adds that it is necessary to have an incident response plan, extensive use of encryption, employee training and threat intelligence sharing to reduce the per capita costs of these leaks. “Since 2013, we have been following a chart of good practices that companies must implement. Encryption, for example, which represented only 23% of security controls, now represents 53% of prevention measures”, he concludes.
EN 
PT 
