The average cost of a data breach in India reached ₹17.9 crore in 2023, an all-time high and almost 28 per cent increase since 2020, according to IBM Security’s Cost of a Data Breach Report. 

Detection and escalation costs jumped 45 per cent over this same time frame, representing the highest portion of breach costs, and indicating a shift towards more complex breach investigations, said the report. 

At nearly 22 per cent, the most common attack type in India was phishing, followed by stolen or compromised credentials (16 per cent). Social engineering was the costliest root cause of breaches at ₹19.1 crore, followed by malicious insider threats, which amounted to approximately ₹18.8 crore.

Also read: India had highest number of ChatGPT breaches

“With cyberattacks growing in pace and cost in India, businesses must invest in modern security strategies and solutions to stay resilient. The report shows that security AI and automation had the biggest impact on keeping breach costs down and cutting time off the investigation — and yet a majority of organisations in India still haven’t deployed these technologies,” said Viswanath Ramaswamy, Vice-President, Technology, IBM India and South Asia.

According to the 2023 IBM report, globally, businesses are divided on how they plan to handle the increasing cost and frequency of data breaches. The report found that while 95 per cent of organisations studied have experienced more than one breach, these organisations were more likely to pass incident costs onto consumers (57 per cent) than increase security investments (51 per cent).

Also read: Adhere procedures to block data breach: CAG to UIDAI

Loss of data

In India, 28 per cent of data breaches studied resulted in loss of data spanning multiple types of environments — public cloud, private cloud, on-prem — indicating that attackers were able to compromise multiple environments while avoiding detection. When breached data was stored across multiple environments, it also had the highest associated breach costs (₹18.8 crore), and took the longest to identify and contain (327 days).

AI and automation had the biggest impact on the speed of breach identification and containment for studied organisations. In India, companies with extensive use of AI and automation experienced a data breach lifecycle that was 153 days shorter compared to studied organisations that have not deployed these technologies (225 days versus 378 days).

In fact, studied organisations that deployed security AI and automation extensively saw nearly ₹95 million lower data breach costs than organisations that didn’t deploy these technologies — the biggest cost saver identified in the report.