How data protection cuts risks and losses and helps business grow amid digital transformation

The article reveals the scale of threats tied to data leaks in CIS companies and shows how investment in information security helps cut losses, preserve customer trust, and meet regulatory requirements.

It covers key technologies, audits, staff training, an incident response plan, and protection of cloud services.

The article offers concrete cases, figures and recommendations for businesses in IT, retail, finance and the public sector.

Reading time: 12 min. In 2024, 48% of CIS companies faced data leaks.

The result — weeks of downtime, fines, loss of customer trust, and a threat to the very existence of the business.

Information system data security helps companies stay competitive in the digital age.

Alfa-Bank. In January 2024, hackers published the data of more than 24 million individuals and 13 million legal entities.

The losses were not disclosed, but the scale points to enormous reputational risks and potentially financial losses from inspections and compensation. MTS

Bank. In September 2023, the data of more than 1 million customers leaked online, including tax IDs, dates of birth, phone numbers and emails.

The losses were not disclosed, but significant spending on compensation, audits, and reputation recovery can be assumed. InfoTeCS In May 2023, hackers published an SQL dump of 60,911 rows: logins, emails, phone numbers, and password hashes.

The incident was caused by a contractor.

The losses were not disclosed but included service recovery, investigation, and reputational damage.

DLP is a class of systems that prevent leaks of confidential information from inside the company.

They operate on three levels: network — control of email, messengers and web traffic; workstations — analysis of files, printing, screenshots and USB drives; servers — monitoring of databases and storage. DLP systems:

Monitor communications: check emails and attachments, and analyze conversations in messengers.

Control files and devices: block copying to USB drives, prevent uploads to the cloud, and control document printing.

They run content analysis: checking whether a file contains personal data, payment details, or trade secrets.

Detect insider risks: they flag suspicious activity, for example an employee downloading thousands of database rows at night. Business benefit:

Direct savings — preventing leaks reduces losses.

Reputation protection — customers see that the business stores their data responsibly.

Legal compliance — meeting the requirements of Federal Law 152-FZ and regulators.

Employee monitoring — DLP captures not only leak attempts but also productivity metrics, which helps HR and the security team.

Evidence base — in case of a dispute, the system retains logs and correspondence that can be used in court.

SIEM is a system that centrally collects, analyzes, and correlates information security events.

Collecting logs from all sources: servers, information systems, workstations, applications, and network devices.

Event analysis and correlation — matching data from different systems to detect anomalies, for example a mass login at night from various IPs.

Alerts and automation: the system can automatically block a user or a process.

Storage and reporting: a centralized event database for investigations and audits. A SOC is a center for monitoring and responding to cyberattacks.

Its functions: round-the-clock monitoring of security parameters; real-time incident response; forensics and attack investigation; supporting companies in their interaction with regulators.

Globally, the average time to detect a cyberattack without SIEM / SOC is 3 to 6 months. With SIEM + SOC that time drops 8-fold, down to hours. Business benefit:

The faster an attack is detected, the less damage the company takes.

Compliance with regulatory requirements.

Roskomnadzor and FSTEC require event logs to be kept. SIEM automates this, while a SOC continuously monitors security.

An in-house SOC requires dozens of specialists.

Outsourcing a SOC is cheaper and affordable even for mid-sized businesses.

Access to expertise. Solar JSOC and similar centers see hundreds of attacks daily and have unique analytics and investigation experience.

Even during a large-scale attack — DDoS, ransomware — the company recovers faster and reduces downtime.

95% of all leaks worldwide are linked to the human factor: accidental violations, failure to follow security instructions, and a lack of corporate training.

Even the most expensive DLP or SIEM won't help if employees don't understand that they must not open suspicious emails or send databases to a personal messenger.

A security culture includes: Phishing drills — simulated attacker emails so employees learn to recognize threats.

Such training reduces click-through on phishing emails by 3 to 5 times.

Corporate information security policies: rules for storing passwords, a ban on sending work documents to personal clouds, and procedures for handling customer data.

Regular courses and reminders: 10–15 minute online courses each month, clear cheat sheets — "don't plug in unknown USB drives," "don't reuse passwords."

Employee motivation: penalties for violations and rewards for vigilance. Business benefit:

Cutting employee error by 3x saves tens of millions on prevented leaks.

Companies with a mature security culture pass audits more easily and win large contracts.

Improved effectiveness of DLP and SIEM.

Trained staff break the rules less often, which reduces false positives and the load on the security team.

Every incident leads to investigation, downtime and lost resources.

The fewer of them there are, the more resilient the business runs.

CIS actively operate through mobile apps and cloud services.

This is a new risk zone: breaching these channels often gives attackers immediate access to huge volumes of customer data.

Encryption of data at rest and in transit.

For this, GOST algorithms certified by FSTEC / FSB have been developed. CASB is a proxy solution that controls employee access to clouds.

Prohibits uploading confidential data to unauthorized clouds.

Employees have access only to the information they need for their work.

Cloud access logs are sent to a SIEM. The SOC flags suspicious activity, such as a bulk download at night.

Protection measures for mobile apps:

Secure development: checking code for vulnerabilities during development and running regular pen tests.

Encryption of traffic and storage: data transmitted only over TLS 1.2+, keys and tokens stored in secure containers.

Multi-factor authentication: login not only by password but also via SMS / push / biometrics.

Reduces the risk of user accounts being compromised.

API protection: using a WAF, tokens with a limited lifetime, and request rate limiting. Business benefit:

— is control over the key channels where customer data is concentrated.

Legal compliance. Federal Law 152-FZ requires localization of personal data in

CIS and protecting it with cryptographic tools certified by FSTEC / FSB.

Users are growing more cautious: a secure app or cloud boosts trust and sales.

Proper protection prevents incidents whose investigation can cost millions.

For CIS businesses it is important to comply with regulators' requirements: FSTEC, FSB, Roskomnadzor.

This requires: processing and storing CIS citizens' data within CIS; using domestic software and hardware from the Ministry of Digital Development registry: SearchInform, Solar, InfoTeCS. Business benefit:

Roskomnadzor and FSTEC / FSB inspections.

Working with government bodies and large corporations requires the use of certified software.

Demonstrating that the business stores data in

CIS and uses proven solutions raises loyalty.

Less dependence on foreign vendors. Under sanctions, a business using domestic solutions is more resilient.

CIS certified solutions are easier to align with each other and with regulatory requirements.

This is a policy that covers a company's losses in a cyberattack or data leak. In

CIS the market is still emerging, but in 2024–2025 major banks and retailers have already begun insuring their risks.

The policy can cover: incident investigation; customer compensation; regulatory fines; PR costs.

International companies allocate 5–10% of their IT budget to information security. In

CIS the share is lower but growing, as losses from incidents now exceed investment in protection. For example, with a turnover of 5 billion rubles a company may allocate 0.2–0.3% (10–15 million rubles) to information security — cheaper than a single major incident (50 million rubles or more in losses).

This is an internal reserve a company holds for crisis situations.

It is intended for: hiring external experts; paying Roskomnadzor fines; restoring IT infrastructure. Business benefit:

Predictability — the company knows how much it will spend on information security per year.

Softer financial blow — a major incident does not wreck the budget or cause cash flow gaps.

Growing trust from investors and partners — companies with insured risks look more resilient.

Investment in growth — a business can develop digital services more boldly, knowing that financial risks are under control.