Counting the cost of data breaches in South Africa

A new report by IBM Security and Ponemon Institute finds that the average cost of a data breach in South Africa is R32.36 million – a 12% increase from 2016.
The study found that these data breaches cost companies on average R1,632 per lost or stolen record.
The report comes amid reports of a new strain of ransomware – called Petya, and which emerged in Ukraine and Russia on Tuesday, and has since spread to the US and South Africa, according to MyBroadband.
IBM’s report found that local organisations saw an average cost of a data breach at R32.36 million, have direct per capita cost of R809 ($62,5) and are among the markets that spend R8.07 million on post data breach response.
The 2017 Cost of Data Breach report also revealed that malicious or criminal attacks are the most frequent cause of a data breach locally. As much as 47% of incidents involved data theft or criminal misuse.
These types of incidents cost companies R1,903 ($147) per compromised record, compared to R1,425 ($110.2) and R1,432 ($110.8) per compromised record as a result of a breach caused by a system glitch or employee negligence, respectively, IBM said.
Top factors that contributed to the increase of cost of a data breach in South Africa include compliance failures and the extensive use of mobile platforms.
Companies reported that compliance failures and the extensive use of mobile platforms increased the cost of each compromised record by R79 ($6.1) and R90 ($6.9), respectively.
According to the study, how quickly a company can contain data breach incidents have a direct impact on financial consequences. The cost of a data breach was nearly R5 million lower on average for organisations that were able to contain a data breach in less than 30 days compared to those that took longer than 30 days.
On average, local companies took 155 days to identify a breach, and 44 additional days to contain a breach once discovered.
In South Africa, financial, services and industrial companies have topped the list as the most expensive industry for data breaches, costing companies over R1,632 ($126.2) per compromised record.