Large Indian cos may take a $10-mn hit from cyberattacks: Microsoft study

Large Indian cos may take a $10-mn hit from cyberattacks: Microsoft study
Photo Credit: Photo Credit: Pixabay
6 Dec, 2018

A large organisation in India incurs an economic loss of $10.3 million on average from cyberattacks whereas a mid-sized organisation takes an average hit of $11,000, said a study conducted by consulting firm Frost & Sullivan.  

Commissioned by Microsoft, the study revealed that cybersecurity attacks led to job losses in around 64% of the organisations it surveyed.
Titled ‘Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World’, the study meant to provide business and IT decision makers with insights on the economic cost of cybersecurity breaches and help them identify the gaps in their strategies. 

The study conducted a survey among IT decision-makers across 1,300 businesses ranging from mid-sized organisations with 250 to 499 employees to large organisations with more than 500 employees.  

The study found that more than three in five organisations surveyed in India had either experienced a cybersecurity incident or were not sure if they had as they had not performed proper forensics or conducted data breach assessment. 

“As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimise operations, they take on new risks,” said Keshav Dhakad, group head & assistant general counsel, corporate, external & legal affairs, Microsoft India. 

He further said that with traditional IT boundaries disappearing, the adversaries now have many new targets to attack. “Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as is evident from high-profile breaches this year,” he added.

To calculate the cost of cybercrime, Frost & Sullivan has created an economic loss model based on macro-economic data and insights shared by the survey respondents. This model factored in three kinds of losses in the wake of a cybersecurity breach -- direct (financial losses associated with the incident; indirect (the opportunity cost to the organisation such as customer churn due to reputation loss); and induced (impact on the broader ecosystem and economy, such as the decrease in consumer and enterprise spending). 

The study also examined the current cybersecurity strategy of organisations in India. It found that for organisations that have encountered cybersecurity incidents, remote code execution and data exfiltration were the biggest concerns as they had the highest impact with the slowest recovery time. Most organisations lacked a cybersecurity strategy, while for a large majority, cybersecurity was an afterthought, the study found. 

The report also highlighted that rapid advancements in technology would act as a key equalising factor. The study revealed that more than 92% organizations in India had either adopted or were looking to adopt an artificial intelligence-based approach towards boosting cybersecurity. Additionally, around 22% of Indian organisations had already witnessed the benefits of using artificial intelligence to achieve faster and more accurate detection of threats.