Average cost of data breach in India reached all-time high of Rs 195 Million: IBM Report
Jul 31, 2024
Bengaluru (Karnataka) [India], July 31 : The latest IBM cost of a data breach report has revealed a rise in the financial impact of data breaches in India, reaching an all-time high of Rs 195 million in 2024.
This marks a 39 per cent increase since 2020 and a 9 per cent rise from the previous year.
The report highlights that 70 per cent of breached organisations globally reported disruption. In India, lost business -- including operational downtime, loss of customers, and reputation damage -- drove a nearly 45 per cent increase in breach costs, while notification costs rose by 19 per cent from the previous year.
Detection and escalation costs also saw a slight increase of nearly 7 per cent, reflecting the intricate nature of breach investigations, which continue to represent the highest portion of breach costs in the country.
Viswanath Ramaswamy, Vice President, of Technology, IBM India & South Asia, said, "The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects."
He added, "Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential,"
The report identifies phishing and stolen or compromised credentials as the most common initial attack types in India, each accounting for 18 per cent of incidents.
Cloud misconfiguration followed at 12 per cent. Business email compromise emerged as the costliest root cause, averaging Rs 215 million per breach, with social engineering (Rs 213 million) and phishing (Rs 209 million) also contributing to breach costs.
Data breaches involving public clouds and multiple environments (including public cloud, private cloud, and on-premises) were particularly costly.
The report found that 34 per cent of data breaches in India involved public clouds, with an average cost of Rs 227 million. Breaches spanning multiple environments took the longest to identify and contain, averaging 327 days.
The industrial sector in India experienced the highest breach costs, averaging Rs 255 million. The technology industry followed at Rs 243 million, and the pharmaceutical sector at Rs 221 million. Globally, critical infrastructure sectors -- such as healthcare, financial services, industrial, technology, and energy organisations -- incurred the highest breach costs across industries.
Offensive security testing, AI and machine learning-driven insights, and proactive threat hunting were key factors that helped reduce the total cost of data breaches in India. Organisations that took less than 200 days to identify and contain a breach incurred an average cost of Rs 184 million, compared to Rs 205 million for those with a breach lifecycle extending beyond 200 days.
Security AI and automation significantly accelerated breach identification and containment. In India, extensive use of these technologies shortened the data breach lifecycle by 112 days and reduced breach costs by an average of Rs 130 million compared to organisations without such deployments.
The report indicates that 28 per cent of organisations in India are now extensively deploying security AI and automation, up from 20 per cent in 2023.
However, there is still substantial potential for growth, as 72 per cent of studied organisations have limited (35 per cent) or no use (37 per cent) of these technologies.