Data breaches have long been a matter of concern in India. In 2018, India experienced the second-highest number of data breach incidents worldwide. Now, IBM Security unveiled its annual Cost of a Data Breach Report, revealing that the average cost of a data breach in India reached an all-time high of Rs179 million in 2023. This marks a substantial 28% increase compared to the figures recorded in 2020.

Over this period, there was a notable 45% increase in detection and escalation costs, making it the largest component of breach expenses. This rise suggests a shift towards more intricate breach investigations.

Phishing emerged as the most prevalent attack type in India, accounting for nearly 22% of incidents, while stolen or compromised credentials followed at 16%. Among the root causes of breaches, social engineering incurred the highest cost, totalling Rs191 million, closely followed by malicious insider threats, which amounted to approximately Rs 188 million.

As per the 2023 IBM report, businesses worldwide are adopting different approaches to cope with the rising cost and frequency of data breaches. The report indicates that 95% of the studied organisations globally have encountered more than one breach. Interestingly, these breached organizations are more inclined to transfer incident costs to consumers (57%) rather than boosting security investments (51%).

“With cyberattacks growing in pace and cost in India, businesses must invest in modern security strategies and solutions to stay resilient. The report shows that security AI and automation had the biggest impact on keeping breach costs down and cutting time off the investigation - and yet a majority of organisations in India still haven’t deployed these technologies. It’s clear that there is still considerable opportunity for businesses to boost detection and response speeds and help stop the ongoing trend of growing breach costs,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.

Breaching data across environments

Among the data breaches studied in India, 28% involved the loss of data across different types of environments, such as public cloud, private cloud, and on-premises systems. 

This suggests that attackers managed to compromise multiple environments without getting detected. When breached data was distributed across various environments, it incurred the highest breach costs (INR 188 million) and took the longest time to be identified and contained (327 days).

Need for AI and automation to pick up speed in India

AI and automation had a significant impact on breach identification and containment speed for the organisations studied. In India, companies that extensively utilised AI and automation experienced a much shorter data breach lifecycle, with a difference of 153 days compared to organisations that had not deployed these technologies (225 days versus 378 days). 

Notably, organisations extensively employing security AI and automation witnessed data breach costs reduced by nearly Rs 95 million, making it the most substantial cost-saving factor highlighted in the report. However, it's important to note that 80% of the studied organisations in India had limited (37%) or no use (43%) of AI and automation.