News: Data breach costs surge 39% in India: IBM Report

Business

Data breach costs surge 39% in India: IBM Report

Escalating data breaches drive the average data breach cost in India to a record Rs 195 million in 2024.
Data breach costs surge 39% in India: IBM Report

In 2024, the average data breach cost in India soared to an all-time high of Rs 195 million. IBM's annual Cost of a Data Breach Report reveals a 39% increase since 2020 and a 9% rise from the previous year, highlighting the escalating disruption of data breaches and the growing demands on cybersecurity teams. Globally, 70% of breached organisations reported significant disruption due to these incidents.

The report highlights that the surge in data breach costs in India is driven by increased lost business and notification expenses. Collateral damage from breaches has intensified, with the cost of lost business—encompassing operational downtime, customer loss, and reputational harm—rising nearly 45%. Additionally, notification costs saw a 19% increase from the previous year.

The modest rise in detection and escalation costs, up nearly 7% year-over-year, underscores the growing complexity of breach investigations. These costs continue to represent the largest portion of breach expenses in India.

Prominent attack vectors

Phishing and stolen or compromised credentials account for 18% of incidents, followed by cloud misconfiguration (12%). Business email compromise was the costliest root cause at an average total cost of Rs 215 million per breach, followed by social engineering (Rs 213 million) and phishing (Rs 209 million) as the next highest costs.

According to the 2024 report, 34% of data breaches studied in India involved data stored on public clouds and 29% across multiple environments (including public cloud, private cloud and on-prem). Breached data stored on public clouds represented the highest costs (Rs 227 million), while incidents spanning multiple environments took the longest to identify and contain (327 days).

Industries impacted

The Indian industrial sector faced the highest impact from data breaches, with average cost reaching Rs 255 million, followed by the technology industry at Rs 243 million and the pharmaceutical sector at Rs 221 million. Globally, critical infrastructure sectors - such as healthcare, financial services, industrial, technology, and energy organizations - incurred the highest breach costs across industries.

In India, offensive security testing (such as red teaming and pen/vulnerability testing), implementing AI and machine learning-driven insights, and conducting proactive threat hunting were some of the factors that helped studied organisations decrease the total cost of data breaches.

Time is another relevant factor in India, as the report also found that organisations that took less than 200 days to identify and contain a data breach incurred an average cost of Rs 184 million. By contrast, organisations with a data breach lifecycle extending beyond 200 days incurred an average cost of Rs 205 million.

Continuing the trend from the 2023 report, security AI and automation played a significant role in accelerating the speed of breach identification and containment for organisations studied. In India, when these technologies were used extensively, local companies shortened the data breach lifecycle by 112 days and incurred an average of Rs 130 million less in breach costs, compared to organisations without security AI and automation deployments.

In this context, the report reflected that 28% of organisations in India are now extensively deploying security AI and automation, compared to 20% in 2023. However, there remains significant potential for growth in India, as currently 72% of studied organizations have limited (35%) or no use (37%) of security AI and automation.

"The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial, and operational aspects.

Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organizational resources is essential,” said Viswanath Ramaswamy, Vice President of technology, IBM India & South Asia.

Read full story

Topics: Business, Technology

Did you find this story helpful?

Author

QUICK POLL

What will be the biggest impact of AI on HR in 2025?