BENGALURU: Cyber attacks are gaining pace, and their impact on organisations becomes multi-dimensional, affecting reputational, financial, and operational aspects.
The average cost of a data breach in India reached an all-time high of Rs 19.5 crore in 2024, according to IBM's Data Breach Report. It reveals that breach costs jumped 39% since 2020 and 9% from the prior year, as breaches grow more disruptive and further expand demands on cyber teams.
Globally, 70 per cent of breached organisations reported that the breach led to significant or very significant disruption.
"Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.
Phishing and stolen or compromised credentials are the most common initial attack types in India, as they account for 18 per cent of incidents each. Business email compromise was the costliest root cause at an average total cost of Rs 21.5 crore per breach, followed by social engineering, which costs Rs 21.3 crore, and phishing costs about Rs 20.9 crore as the next high cost.
According to the report, 34 per cent of data breaches studied in India involved data stored on public clouds and 29 per cent across multiple environments (including public clouds, private clouds, and on-prem). Breached data stored on public clouds represented the highest costs (Rs 22.7 crore), while incidents spanning multiple environments took 327 days to identify and contain.
Time plays a crucial role
Time is another relevant factor in India, as the report also found that organisations that took less than 200 days to identify and contain a data breach incurred an average cost of Rs 18.4 crore. By contrast, organisations with a data breach lifecycle extending beyond 200 days incurred an average cost of Rs 20.5 crore.
The report adds that security AI and automation played a significant role in accelerating the speed of breach identification and containment for organisations studied.
In India, when these technologies were used extensively, local companies shortened the data breach lifecycle by 112 days and incurred an average of Rs 13 crore less in breach costs, compared to organisations without security AI and automation deployments.
The report added that 28 per cent of organisations in the country are now extensively deploying security AI and automation, compared to 20 per cent in 2023.
