NEW DELHI: The financial impact of data breaches in India has increased to a record high of 19.5 crore in 2024, as revealed in an IBM cost of a data breach report. This represents a 39 per cent rise since 2020 and a 9 per cent increase from the previous year.
The report further indicates that 70 per cent of breached organisations worldwide experienced disruption while in India, lost business, which includes operational downtime, customer attrition, and reputational harm, contributed to a nearly 45 per cent surge in breach costs.
Additionally, notification expenses increased by 19 per cent compared to the previous year. Detection and escalation costs also witnessed a minor increase of nearly 7 per cent, highlighting the complexity of breach investigations, which continue to account for the largest portion of breach costs in the country.
“The findings from this year’s IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects,” said Viswanath Ramaswamy, vice president of Technology, IBM India & South Asia.
“Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential,” Ramaswamy added.
The report identified phishing and stolen or compromised credentials as the most prevalent initial attack types in India, each responsible for 18 per cent of incidents.
Cloud misconfiguration followed closely at 12 per cent. Business email compromise emerged as the most expensive root cause, with an average cost of Rs 215 million per breach. Social engineering (Rs 213 million) and phishing (Rs 209 million) also contributed significantly to breach costs.
Data breaches involving public clouds and multiple environments, including public cloud, private cloud, and on-premises, proved to be particularly costly. The report revealed that 34 per cent of data breaches in India involved public clouds, with an average cost of Rs 227 million.
Breaches spanning multiple environments took the longest time to identify and contain, averaging 327 days.
The highest breach costs in India’s industrial sector averaged Rs 255 million, followed by the technology industry at Rs 243 million and the pharmaceutical sector at Rs 221 million. Globally, critical infrastructure sectors, including “healthcare, financial services, industrial, technology, and energy organisations,” experienced the highest breach costs across industries.
Offensive security testing, AI and machine learning-driven insights, and proactive threat hunting played crucial roles in reducing the total cost of data breaches in India.
Organisations that identified and contained a breach within 200 days incurred an average cost of Rs 184 million, while those with a breach lifecycle exceeding 200 days faced an average cost of Rs 205 million.
The implementation of security AI and automation significantly expedited breach identification and containment. In India, extensive use of these technologies reduced the data breach lifecycle by 112 days and lowered breach costs by an average of Rs 130 million compared to organisations without such deployments.
The report reveals that 28 per cent of organisations in India are now extensively deploying security AI and automation, an increase from 20 per cent in 2023. However, there is still considerable room for growth, as 72 per cent of the studied organisations have limited (35 per cent) or no use (37 per cent) of these technologies.
The report further indicates that 70 per cent of breached organisations worldwide experienced disruption while in India, lost business, which includes operational downtime, customer attrition, and reputational harm, contributed to a nearly 45 per cent surge in breach costs.
Additionally, notification expenses increased by 19 per cent compared to the previous year. Detection and escalation costs also witnessed a minor increase of nearly 7 per cent, highlighting the complexity of breach investigations, which continue to account for the largest portion of breach costs in the country.
“The findings from this year’s IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects,” said Viswanath Ramaswamy, vice president of Technology, IBM India & South Asia.
“Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential,” Ramaswamy added.
The report identified phishing and stolen or compromised credentials as the most prevalent initial attack types in India, each responsible for 18 per cent of incidents.
Cloud misconfiguration followed closely at 12 per cent. Business email compromise emerged as the most expensive root cause, with an average cost of Rs 215 million per breach. Social engineering (Rs 213 million) and phishing (Rs 209 million) also contributed significantly to breach costs.
Data breaches involving public clouds and multiple environments, including public cloud, private cloud, and on-premises, proved to be particularly costly. The report revealed that 34 per cent of data breaches in India involved public clouds, with an average cost of Rs 227 million.
Breaches spanning multiple environments took the longest time to identify and contain, averaging 327 days.
The highest breach costs in India’s industrial sector averaged Rs 255 million, followed by the technology industry at Rs 243 million and the pharmaceutical sector at Rs 221 million. Globally, critical infrastructure sectors, including “healthcare, financial services, industrial, technology, and energy organisations,” experienced the highest breach costs across industries.
Offensive security testing, AI and machine learning-driven insights, and proactive threat hunting played crucial roles in reducing the total cost of data breaches in India.
Organisations that identified and contained a breach within 200 days incurred an average cost of Rs 184 million, while those with a breach lifecycle exceeding 200 days faced an average cost of Rs 205 million.
The implementation of security AI and automation significantly expedited breach identification and containment. In India, extensive use of these technologies reduced the data breach lifecycle by 112 days and lowered breach costs by an average of Rs 130 million compared to organisations without such deployments.
The report reveals that 28 per cent of organisations in India are now extensively deploying security AI and automation, an increase from 20 per cent in 2023. However, there is still considerable room for growth, as 72 per cent of the studied organisations have limited (35 per cent) or no use (37 per cent) of these technologies.
