Indian organisations' average cost of data breaches reached Rs 17.9 crore in 2023: a 28 per cent increase since 2020 and a record high, said a report on Tuesday.
The detection and escalation cost for organisations has increased 45 per cent since 2020, said IBM’s 'Security Cost of a Data Breach' report, indicating a shift towards more complex breach investigations.
Click here to connect with us on WhatsApp
At 22 per cent, phishing was the most common cyberattack in India. It was followed by stolen or compromised credentials (16 per cent). Social engineering was the costliest root cause of breaches at Rs 19.1 crore, followed by malicious insider threats, which amounted to approximately Rs 18.8 crore.
“With cyberattacks growing in pace and cost in India, businesses must invest in modern security strategies and solutions to stay resilient. The report shows that security AI (artificial intelligence) and automation had the biggest impact on keeping breach costs down and cutting time off the investigation – and yet a majority of organizations in India still haven’t deployed these technologies,” said Viswanath Ramaswamy, vice president, technology, IBM India & South Asia.
Globally, businesses are divided on how they plan to handle the increasing cost and frequency of data breaches. While 95 per cent of organisations studied globally have experienced more than one breach, they were more likely to pass incident costs onto consumers (57 per cent) than to increase security investments (51 per cent).
In India, 28 per cent of breaches studied resulted in the loss of data stored in multiple types of environments (public and private cloud, for example. This indicates that attackers were able to compromise multiple environments while avoiding detection. When data stored in multiple environments was breached, it had the highest associated cost (Rs 18.8 crore) and took the longest to identify and contain (327 days).
More From This Section
“It’s clear that there is still considerable opportunity for businesses to boost detection and response speeds and help stop the ongoing trend of growing breach costs,” said Ramaswamy.
AI and automation speed up breach identification and containment. In India, companies that extensively use AI and automation experienced a data breach lifecycle that was 153 days shorter compared to studied organizations that have not deployed these technologies (225 days versus 378 days).
Organisations that have deployed security AI and automation extensively saw nearly Rs 9.5 crore lower data breach costs than those that have not: the biggest cost-saver identified in the report. As many as 80 per cent of studied organisations the report studied in India have limited (37 per cent) or no use (43 per cent) of AI and automation.