 "Data breach cost for Indian organisations up 39% since 2020: IBM report")
The average cost of a data breach in India this year reached Rs 19.5 crore, an all-time high. Costs for organisations have increased 39 per cent since 2020 as breaches become more disruptive, said a report by IBM on Wednesday.
Average cost has increased 9 per cent since 2023 and breaches are expanding demands on cybersecurity teams. As many as 70 per cent of organisations globally said data breaches caused "significant" or "very significant", according to the technology company's annual 'Cost of a Data Breach' report
"As cyberattacks gain pace and complexity, their impact on organisations becomes multidimensional, affecting reputational, financial and operational aspects. Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organizational resources is essential,” said Viswanath Ramaswamy, vice-president, technology, IBM India & South Asia, referring to the Digital Personal Data Protection Act, 2023.
"Lost business and notification costs drove the year-over-year cost spike in India, as the collateral damage from data breaches has only intensified," said the report. Business loss in the country in terms of operational downtime, customers, reputation damage and other factors increased 45 per cent from 2023. Notification costs jumped 19 per cent.
A 7 per cent rise in detection and escalation costs "represents the highest portion of breach costs" in India.
Phishing and stolen or compromised credentials were the most common cyberattacks in India, accounting for 18 per cent of incidents. They were followed by Cloud misconfiguration (12 per cent). Compromised business email was the costliest for organisations, costing an average total cost of Rs 21.5 crore per breach. Social engineering (Rs 21.3 crore) — the act of tricking people into giving up sensitive information — and phishing (Rs 20.9 crore) were the second and third costliest breaches.
As many as 34 per cent of breaches in India involved data stored on public Cloud and 29 per cent across multiple environments (including public and private Cloud). Breached data stored on public Cloud represented the highest costs (Rs 22.7 crore), while incidents spanning multiple environments took the longest to identify and contain (327 days).
Also Read
The Indian industrial sector suffered the highest impact of data breaches, with average cost reaching Rs 25.5 crore. It was followed by the technology industry at Rs 24.3 crore and the pharmaceutical sector at Rs 22.1 crore. Globally, critical infrastructure sectors such as health care, financial services, industrial, technology, and energy organisations incurred the highest breach costs among industries.
Indian organisations which took less than 200 days to identify and contain a data breach incurred an average cost of Rs 18.4 crore. Organisations where a data breach "lifecycle" extended beyond 200 days incurred an average cost of Rs 20.5 crore, according to the report.
AI, automation
Security artificial intelligence (AI) and automation played a "significant role" in accelerating organisations' ability to identify and contain breaches. Indian companies that extensively used the two technologies shortened the data breach lifecycle by 112 days and incurred an average Rs 13 crore less in breach costs.
The report said 28 per cent of organisations in India have "extensively deployed" security AI and automation, compared to 20 per cent in 2023. However, there remains significant potential for growth in India, as currently 72 per cent of studied organizations have limited (35 per cent) or no use (37 per cent) of security AI and automation.
The '2024 Cost of a Data Breach Report' is based on an analysis of real-world data breaches at 604 organisations globally between March 2023 and February 2024. The research, conducted by Ponemon Institute and sponsored and analysed by IBM, has been published for 19 consecutive years and has studied the breaches at more than 6,000 organisations.