Data breach costs in India surge to Rs 17.9 crore in 2023: IBM study

The average cost of a data breach in India soared to an unprecedented Rs 17.9 crore in 2023, marking an all-time high for the country, as stated in the recent IBM Security report. This figure signifies a significant surge of almost 28 per cent since 2020. Among the various attack types witnessed in India, phishing emerged as the most common, accounting for nearly 22 per cent of the breaches, closely followed by stolen or compromised credentials at 16 per cent. Surprisingly, social engineering was identified as the costliest root cause of breaches, incurring an average cost of Rs 19.1 crore, followed by malicious insider threats that amounted to nearly Rs 18.8 crore. Over the same period, detection and escalation costs saw a sharp increase of 45 per cent, making up the largest portion of breach-related expenses. This upward trend indicates a shift towards more complex and challenging breach investigations. In a positive development, Artificial Intelligence (AI) and automation played a crucial role in the swift identification and containment of breaches for the organizations surveyed. However, the report highlighted that about 80 per cent of the studied organizations in India had limited (37 per cent) or no use (43 per cent) of AI and automation, suggesting the need for wider adoption of these technologies to bolster cybersecurity defences in the country. “IBM Security today released its annual Cost of a Data Breach Report, showing the average cost of a data breach in India reached Rs 17.9 crore in 2023 an all-time high for the report and almost a 28 per cent increase since 2020,” according to a release. According to the 2023 IBM report, globally businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The report found that while 95 per cent of organisations studied globally have experienced more than one breach, these organisations were more likely to pass incident costs onto consumers (57 per cent) than to increase security investments (51 per cent). In India, 28 per cent of data breaches studied resulted in the loss of data spanning multiple types of environments (public cloud, private cloud, on-premise). This indicates that attackers were able to compromise multiple environments while avoiding detection. When breached data was stored across multiple environments, it also had the highest associated breach costs (Rs 18.8 crore) and took the longest to identify and contain (327 days)," according to IBM. Artificial Intelligence and automation had the biggest impact on the speed of breach identification and containment for studied organisations. “In India, companies with extensive use of AI and automation experienced a data breach lifecycle that was 153 days shorter compared to studied organisations that have not deployed these technologies (225 days versus 378 days),” it said. The studied organisations that deployed security AI and automation extensively saw nearly Rs 9.5 crore lower data breach costs than organisations that didn’t deploy these technologies, the biggest cost saver identified in the report.