Average cost of data breach in India reaches over Rs 17cr: Report

NEW DELHI: The average cost of a data breach in India reached Rs 17.9 crore in 2023, almost a 28 per cent increase since 2020, a new report said on Tuesday.

According to tech major IBM, detection and escalation costs jumped 45 per cent over this same time frame, representing the highest portion of breach costs, and indicating a shift towards more complex breach investigations.

At nearly 22 per cent, the most common attack type in India was phishing, followed by stolen or compromised credentials (16 per cent).

Social engineering was the costliest root cause of breaches at Rs 19.1 crore, followed by malicious insider threats, which amounted to about Rs 18.8 crore.

"The report shows that security AI and automation had the biggest impact on keeping breach costs down and cutting time off the investigation -- and yet a majority of organizations in India still haven't deployed these technologies," said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.

Moreover, the report showed that about 28 per cent of data breaches resulted in the loss of data spanning multiple types of environments in India (i.e., public cloud, private cloud, on-prem) -- indicating that attackers were able to compromise multiple environments while avoiding detection.

The report also found that while 95 per cent of organisations studied globally have experienced more than one breach, these breached organisations were more likely to pass incident costs onto consumers (57 per cent) than to increase security investments (51 per cent).

In India, companies with extensive use of AI and automation experienced a data breach lifecycle that was 153 days shorter compared to studied organizations that have not deployed these technologies (225 days versus 378 days).

Organisations that used security AI and automation extensively saw nearly Rs 9.5 crore less in data breach costs than organisations that did not use these technologies.