Rs 17.9 Cr: Average Cost Of Data Breach In India Surges To All-Time High In 2023

A new report has shed light on the alarming state of data breaches in India, with the average cost reaching an all-time high of Rs 17.9 crore. This figure reflects a substantial increase of nearly 28 per cent since 2020, highlighting the escalating severity of cyberattacks in the country.

The report highlighted that detection and escalation costs witnessed a staggering 45 per cent surge over the same period, becoming the primary contributor to breach expenses. This shift indicates a growing trend towards more intricate breach investigations, posing significant challenges to affected organisations.

Interestingly, the difference between the average total cost of a data breach in 2022 and 2023 is Rs 0.3 crore (Rs 17.9 crore - Rs 17.6 crore). This indicates that the average cost per data breach increased slightly in 2023 compared to the previous year. While the increase may seem relatively small in absolute terms, it represents a 1.7 per cent rise from the 2022 figure of Rs 17.6 crore. 

Phishing emerged as the most common attack type, accounting for nearly 22 per cent of all incidents in India. Stolen or compromised credentials followed closely behind at 16 per cent, underscoring the importance of strengthening user authentication processes. Social engineering emerged as the costliest root cause of breaches, incurring a staggering Rs 19.1 crore, closely trailed by malicious insider threats at approximately Rs 18.8 crore.

Globally, the ‘Cost of a Data Breach Report’ by IBM found that while 95 per cent of organisations surveyed experienced more than one breach, the response to the increasing frequency and costs of such incidents varied. Surprisingly, 57 per cent of breached organisations passed the incident costs onto consumers, while only 51 per cent chose to increase investments in security measures.

The study also exposed that 28 per cent of data breaches in India led to the loss of data spanning multiple environments, such as public cloud, private cloud, and on-premises systems. This suggests that attackers were adept at compromising various environments while avoiding detection. Additionally, data breaches involving multiple environments were associated with the highest breach costs, amounting to Rs 188 million, and took an average of 327 days to identify and contain.

In a statement, Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia said, “With cyberattacks growing in pace and cost in India, businesses must invest in modern security strategies and solutions to stay resilient. The report shows that security AI and automation had the biggest impact on keeping breach costs down and cutting time off the investigation - and yet a majority of organisations in India still haven’t deployed these technologies. It’s clear that there is still considerable opportunity for businesses to boost detection and response speeds and help stop the ongoing trend of growing breach costs.” 

The report emphasised the necessity of accelerating the adoption of AI and automation in India. Organisations that extensively used these technologies experienced a significantly shorter data breach lifecycle, with a reduction of 153 days compared to those that did not deploy them (225 days versus 378 days). 

Moreover, businesses with extensive use of AI and automation saved nearly Rs 95 million on data breach costs, making it the most impactful cost-saving measure identified in the report. Surprisingly, the study revealed that 80 per cent of organisations in India had limited (37 per cent) or no use (43 per cent) of AI and automation, indicating a considerable opportunity for improvement in this area.

In June, another report revealed that the cybersecurity industry in India has around 40,000 job openings as of May 2023 but the demand-supply gap stands at a massive 30 per cent. This concerning gap is despite India's burgeoning cybersecurity market, which is projected to reach a staggering USD 3.5 billion by 2027, boasting a compound annual growth rate (CAGR) of 8.05 per cent. This discrepancy presents a critical challenge that needs to be addressed to ensure a secure digital landscape for Indian businesses.