The cost of a data breach has gone up sharply since the pandemic. A new report by IBM claims that the average cost of such breaches has gone up to ₹19.50 crore, up by 39 per cent since 2020 and 9 per cent over the last year’s number.
The 2024 Cost of a Data Breach Report also threw light on the most common attack vectors in India. Phishing and stolen or compromised credentials were identified as the leading causes, each accounting for 18 per cent of incidents.
Cloud misconfiguration followed closely at 12 per cent. Among these, business email compromise emerged as the costliest, averaging ₹21.5 crore a breach.
The industrial sector in India bore the brunt of these breaches, with an average cost of ₹25.5 crore. The technology and pharmaceutical sectors followed with costs of ₹24.3 crore and ₹22.1 crore respectively.
This aligns with global trends, where critical infrastructure sectors like healthcare, financial services, and energy experienced the highest breach costs.
The escalating costs are attributed to the growing complexity and disruptive nature of data breaches, which are placing immense strain on cybersecurity teams.
The report highlights that a staggering 70 per cent of breached organisations globally experienced significant operational disruptions due to these incidents. In India, the cost surge is primarily driven by a sharp rise in expenses related to lost business and notifications.
Lost business costs, encompassing operational downtime, customer attrition, and reputational damage, witnessed a substantial year-over-year increase of nearly 45 per cent. Notification costs involving informing affected parties about the breach rose by 19 per cent.
Viswanath Ramaswamy, Vice President of Technology at IBM India & South Asia, said the growing costs call for a proactive and AI-powered approach to cybersecurity. He noted that as cyberattacks become more sophisticated, their impact extends beyond financial losses to encompass reputational and operational consequences.
With India’s impending rollout of the DPDP Act 2023 (The Digital Personal Data Protection Bill, 2023, businesses must also be prepared to address the regulatory implications of data breaches, he said.
The study found that data breaches increasingly affect information stored across multiple environments. In India, 34 per cent of breaches involved data on public clouds, and 29 per cent spanned multiple environments, including public and private clouds, as well as on-premises storage.
Breaches in public clouds were the most expensive, averaging ₹22.7 crore, while incidents across multiple environments took the longest to identify and contain, with an average duration of 327 days.
The organisations that implemented offensive security testing, AI and machine learning-driven insights, and proactive threat hunting were able to reduce the financial impact of data breaches.
Additionally, companies that identified and contained breaches within 200 days incurred lower average costs compared to those with longer response times.
AI to the rescue
The report underscored the significant role of security AI and automation in accelerating breach identification and containment. In India, extensive use of these technologies reduced the data breach lifecycle by 112 days and resulted in an average cost savings of ₹13 crore.
While the adoption of security AI and automation is on the rise in India, with 28 per cent of organizations now extensively deploying these solutions, there remains substantial room for growth, as 72 per cent of studied organisations reported limited or no use.
The report is based on an analysis of real-world data breaches experienced by 604 organisations globally between March 2023 and February 2024.