Data Breach Costs in India Hit All-Time High of ₹195 Million, IBM Report Reveals

Average cost of data breach in India reached an all-time high of Rs 195 Million, says IBM Report | Business Insider India

The latest cost of a report has revealed a significant rise in the financial impact of data breaches in , reaching an all-time high of Rs 195 million in 2024. This marks a 39% increase since 2020 and a 9% rise from the previous year. The report highlights that 70% of breached organisations globally reported disruption. In India, lost business -- including operational downtime, loss of customers, and reputation damage -- drove about 45% increase in breach costs, while notification costs rose by 19% from the previous year. Detection and escalation costs also saw a slight increase of nearly 7%, reflecting the intricate nature of breach investigations, which continue to represent the highest portion of breach costs in the country. Viswanath Ramaswamy, Vice President, of Technology, IBM India & South Asia, said, "The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to . As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects." He added, "Considering that India is getting ready for the rollout of the DPDP (Digital Personal Data Protection) Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential." The report identifies and stolen or compromised credentials as the most common initial attack types in India, each accounting for 18% of incidents. Cloud misconfiguration followed at 12%. Business email compromise emerged as the costliest root cause, averaging Rs 215 million per breach, with social engineering (Rs 213 million) and phishing (Rs 209 million) also contributing to breach costs. Data breaches involving public clouds and multiple environments (including public cloud, private cloud, and on-premises) were particularly costly. The report found that 34% of data breaches in India involved public clouds, with an average cost of Rs 227 million. Breaches spanning multiple environments took the longest to identify and contain, averaging 327 days. The industrial sector in India experienced the highest breach costs, averaging Rs 255 million. The technology industry followed at Rs 243 million, and the pharmaceutical sector at Rs 221 million. Globally, critical infrastructure sectors -- such as healthcare, financial services, industrial, technology, and energy organisations -- incurred the highest breach costs across industries. Offensive security testing, AI and machine learning-driven insights, and proactive threat hunting were key factors that helped reduce the total cost of data breaches in India. Organisations that took less than 200 days to identify and contain a breach incurred an average cost of Rs 184 million, compared to Rs 205 million for those with a breach lifecycle extending beyond 200 days. and automation significantly accelerated breach identification and containment. In India, extensive use of these technologies shortened the data breach lifecycle by 112 days and reduced breach costs by an average of Rs 130 million, compared to organisations without such deployments. The report indicates that 28% of organisations in India are now extensively deploying security AI and automation, up from 20% in 2023. However, there is still substantial potential for growth, as 72%of studied organisations have limited (35%) or no use (37%) of these technologies.

Average cost of data breach in India reached all-time high of Rs 195 Million: IBM Report

This marks a 39 per cent increase since 2020 and a 9 per cent rise from the previous year. The report highlights that 70 per cent of breached organisations globally reported disruption. In India, lost business -- including operational downtime, loss of customers, and reputation damage -- drove a nearly 45 per cent increase in breach costs, while notification costs rose by 19 per cent from the previous year. Detection and escalation costs also saw a slight increase of nearly 7 per cent, reflecting the intricate nature of breach investigations, which continue to represent the highest portion of breach costs in the country. Viswanath Ramaswamy, Vice President, of Technology, IBM India & South Asia, said, "The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects." He added, "Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential," The report identifies phishing and stolen or compromised credentials as the most common initial attack types in India, each accounting for 18 per cent of incidents. Cloud misconfiguration followed at 12 per cent. Business email compromise emerged as the costliest root cause, averaging Rs 215 million per breach, with social engineering (Rs 213 million) and phishing (Rs 209 million) also contributing to breach costs. Data breaches involving public clouds and multiple environments (including public cloud, private cloud, and on-premises) were particularly costly. The report found that 34 per cent of data breaches in India involved public clouds, with an average cost of Rs 227 million. Breaches spanning multiple environments took the longest to identify and contain, averaging 327 days. The industrial sector in India experienced the highest breach costs, averaging Rs 255 million. The technology industry followed at Rs 243 million, and the pharmaceutical sector at Rs 221 million. Globally, critical infrastructure sectors -- such as healthcare, financial services, industrial, technology, and energy organisations -- incurred the highest breach costs across industries. Offensive security testing, AI and machine learning-driven insights, and proactive threat hunting were key factors that helped reduce the total cost of data breaches in India. Organisations that took less than 200 days to identify and contain a breach incurred an average cost of Rs 184 million, compared to Rs 205 million for those with a breach lifecycle extending beyond 200 days. Security AI and automation significantly accelerated breach identification and containment. In India, extensive use of these technologies shortened the data breach lifecycle by 112 days and reduced breach costs by an average of Rs 130 million compared to organisations without such deployments. The report indicates that 28 per cent of organisations in India are now extensively deploying security AI and automation, up from 20 per cent in 2023. However, there is still substantial potential for growth, as 72 per cent of studied organisations have limited (35 per cent) or no use (37 per cent) of these technologies. (ANI)

Data breach average cost touches all-time high in FY24: IBM report

IBM report pointed out that the most common initial attack types in India were phishing and stolen or compromised credentials, accounting for 18% of incidents each, followed by cloud misconfiguration (12%). India's average cost of data breaches in 2023 at $2.18 million was up 28% since 2020, the Reserve Bank of India (RBI) said in report on Currency and Finance for 2023-24 released two days ago.The average cost of a data breach in India reached an all-time high of Rs 19.5 crore ($2.35 million) in financial year 2024, up by around 7% over a year ago with the local industrial sector being the most impacted, revealed a report by software giant IBM. In comparison, the global average cost of a data breach increased 10% over the previous year, reaching $4.88 million in 2024 (from $4.45 million in 2023), the biggest jump since the pandemic," said the annual Cost of a Data Breach Report. "Escalating data breach disruption pushes average cost of a data breach in India to all-time high of Rs 195 million in 2024...Breach costs jumped 39% since 2020 and 9% from the prior year, as breaches grow more disruptive and further expand demands on cyber teams. Globally, 70% of breached organizations reported that the breach caused significant or very significant disruption," said the report. Further, the cost of lost business jumped nearly 45% year-on-year, which contributed to the significant rise in overall breach costs. The Indian industrial sector faced the highest impact from data breaches, with average cost reaching Rs 25.5 crore, followed by the technology industry at Rs 24.3 crore and the pharmaceutical sector at Rs 22.1 crore. "Globally, critical infrastructure sectors - such as healthcare, financial services, industrial, technology, and energy organizations - incurred the highest breach costs across industries," IBM report noted. India's average cost of data breaches in 2023 at $2.18 million was up 28% since 2020, the Reserve Bank of India (RBI) said in report on Currency and Finance for 2023-24 released two days ago. IBM report pointed out that the most common initial attack types in India were phishing and stolen or compromised credentials, accounting for 18% of incidents each, followed by cloud misconfiguration (12%). Business email compromise was the costliest root cause at an average total cost of Rs 21.5 crore per breach, followed by social engineering (Rs 21.3 crore) and phishing (Rs 20.9 crore) as the next highest costs. India ranked at 15 in terms of the average cost of a data breach while the US topped the number at $9.36 million, which declined by 1.3% from a year ago's cost at $9.38 million. This was followed by Middle East ($8.75 million), Benelux ($5.90 million), Germany ($5.31 million) and Italy ($4.73 million). Interestingly, besides the US, Canada (ranking 6th at $4.66 million in 2024 from $5.13 million in 2023) and Japan (ranking eighth at $4.19 million in 2024 vs $4.52 million in 2023) were the only two countries showing a decline in the average costs. The IBM report highlighted that lost business and notification costs drove the year-over-year cost spike in India, as the collateral damage from data breaches has only intensified. "The cost of lost business -- operational downtime, lost customers, and reputation damage, among others -- escalated nearly 45%, and notification costs jumped 19% from the previous year. The slight rise in detection and escalation costs (almost 7% over the same time frame), reflects the complexity of breach investigations, and once again represents the highest portion of breach costs in India," it said. IBM researchers studied 604 organisations impacted by data breaches between March 2023 and February 2024. The research was done across 17 industries, in 16 countries and regions, and breaches that ranged from 2,100 to 113,000 compromised records. "The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects," said Viswanath Ramaswamy, vice president - technology at IBM India & South Asia. He added, "Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential." Costs to rise India's central bank added that globally, cybercrime costs are expected to reach $13.82 trillion by 2028, up from $8.15 trillion in 2023. According to the IBM 2024 report, 34% of data breaches studied in India involved data stored on public clouds and 29% across multiple environments (including public cloud, private cloud and on-prem). Breached data stored on public clouds represented the highest costs (Rs 22.7 crore), while incidents spanning multiple environments took the longest to identify and contain at 327 days. Moreover, the report found that organisations which took less than 200 days to identify and contain a data breach incurred an average cost of Rs 18.4 crore. By contrast, organisations with a data breach lifecycle extending beyond 200 days incurred an average cost of Rs 20.5 crore. This also reflects the increased deployment of security artificial intelligence (AI) and automation by Indian businesses at about 28% of organisations as compared to 20% in 2023. However, there remains significant potential for growth in India, as currently 72% of studied organisations have limited (35%) or no use (37%) of security AI and automation.

Cost of data breach costs in India hits all-time high in FY24: IBM

IBM has released its annual Cost of a Data Breach report, which revealed that the average cost of a data breach in India has reached an all-time high of Rs. 19.5 crore ($2.35 million) during the financial year 2024. The numbers have jumped by 39% since 2020 and 9% from the previous year as data breaches become increasingly common. Collateral damage from these costs including operational downtime, local customers and reputational damage has increased by 45% with notification costs jumping up by 19% from the previous year. "Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritizing data security and safeguarding critical assets to help ensure that only the right people have access to organizational resources is essential," said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia. Dell warns users of data breach that impacted around 49 million customers: Report The most common initial attack types in India were phishing and stolen or compromised credentials, accounting for 18% of incidents each followed by cloud misconfiguration (12%). Business email compromise was the costliest root cause at an average total cost of INR 215 million per breach, followed by social engineering (INR 213 million) and phishing (INR 209 million) as the next highest costs. (For top technology news of the day, subscribe to our tech newsletter Today's Cache) The Indian industrial sector faced the highest impact from data breaches, with average cost reaching INR 255 million, followed by the technology industry at INR 243 million and the pharmaceutical sector at INR 221 million. According to the report, organizations which took less than 200 days to identify and contain a data breach incurred an average cost of INR 184 million. By contrast, organizations with a data breach lifecycle extending beyond 200 days incurred an average cost of INR 205 million.In India, AI helped local companies shorten the data breach lifecycle by 112 days and incurred an average INR 130 million less in breach costs, compared to organizations without security AI and automation deployments. Read Comments

IBM Report: Escalating Data Breach Disruption Pushes Average Cost of a Data Breach in India to All-Time High of INR 195 Million in 2024

The cost of lost business jumped nearly 45% year-on-year, which contributed to the significant rise in overall breach costs. The local Industrial sector experienced the costliest breaches across industries. IBM (NYSE: IBM) today released its annual Cost of a Data Breach Report revealing the average cost of a data breach in India reached an all-time high of INR 195 million in 2024. Breach costs jumped 39% since 2020 and 9% from the prior year, as breaches grow more disruptive and further expand demands on cyber teams. Globally, 70% of breached organizations reported that the breach caused significant or very significant disruption. Lost business and notification costs drove the year-over-year cost spike in India, as the collateral damage from data breaches has only intensified. The cost of lost business -- operational downtime, lost customers, and reputation damage, among others -- escalated nearly 45%, and notification costs jumped 19% from the previous year. The slight rise in detection and escalation costs (almost 7% over the same time frame), reflects the complexity of breach investigations, and once again represents the highest portion of breach costs in India. "The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organizations becomes multi-dimensional, affecting reputational, financial and operational aspects. Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritizing data security and safeguarding critical assets to help ensure that only the right people have access to organizational resources is essential," said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia. Prominent attack vectors The most common initial attack types in India were phishing and stolen or compromised credentials, accounting for 18% of incidents each. Followed by cloud misconfiguration (12%). Business email compromise was the costliest root cause at an average total cost of INR 215 million per breach, followed by social engineering (INR 213 million) and phishing (INR 209 million) as the next highest costs. Data breached across multiple environments According to the 2024 report, 34% of data breaches studied in India involved data stored on public clouds and 29% across multiple environments (including public cloud, private cloud and on-prem). Breached data stored on public clouds represented the highest costs (INR 227 million), while incidents spanning multiple environments took the longest to identify and contain (327 days). Industries impacted The Indian industrial sector faced the highest impact from data breaches, with average cost reaching INR 255 million, followed by the technology industry at INR 243 million and the pharmaceutical sector at INR 221 million. Globally, critical infrastructure sectors - such as healthcare, financial services, industrial, technology, and energy organizations - incurred the highest breach costs across industries. Key factors that decreased costs In India, offensive security testing (such as red teaming and pen/vulnerability testing), implementing AI and machine learning-driven insights, and conducting proactive threat hunting were some of the factors that helped studied organizations decrease the total cost of data breaches. Time dimension Time is another relevant factor in India, as the report also found that organizations which took less than 200 days to identify and contain a data breach incurred an average cost of INR 184 million. By contrast, organizations with a data breach lifecycle extending beyond 200 days incurred an average cost of INR 205 million. The case for security AI and automation Continuing the trend from the 2023 report, security AI and automation played a significant role in accelerating the speed of breach identification and containment for organizations studied. In India, when these technologies were used extensively, local companies shortened the data breach lifecycle by 112 days and incurred an average INR 130 million less in breach costs, compared to organizations without security AI and automation deployments. In this context, the report reflected that 28% of organizations in India are now extensively deploying security AI and automation, compared to 20% in 2023. However, there remains significant potential for growth in India, as currently 72% of studied organizations have limited (35%) or no use (37%) of security AI and automation. About the report The 2024 Cost of a Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024. The research, conducted by Ponemon Institute, and sponsored and analyzed by IBM, has been published for 19 consecutive years and has studied the breaches of more than 6,000 organizations, becoming an industry benchmark. Additional Sources Download a copy of the 2024 Cost of a Data Breach Report.Sign up for the 2024 IBM Security Cost of a Data Breach webinar on Tuesday, August 13, 2024, at 11:00 a.m. ET.Read more about the report's top findings in this IBM Security Intelligence blog. About IBM IBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. More than 4,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity and service. Visit ibm.com for more information.

Average cost of data breach in India reached record high of Rs 19.5 crore: IBM Report - Times of India

NEW DELHI: The financial impact of data breaches in India has increased to a record high of 19.5 crore in 2024, as revealed in an IBM cost of a data breach report. This represents a 39 per cent rise since 2020 and a 9 per cent increase from the previous year. The report further indicates that 70 per cent of breached organisations worldwide experienced disruption while in India, lost business, which includes operational downtime, customer attrition, and reputational harm, contributed to a nearly 45 per cent surge in breach costs. Additionally, notification expenses increased by 19 per cent compared to the previous year. Detection and escalation costs also witnessed a minor increase of nearly 7 per cent, highlighting the complexity of breach investigations, which continue to account for the largest portion of breach costs in the country. "The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects," said Viswanath Ramaswamy, vice president of Technology, IBM India & South Asia. "Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential," Ramaswamy added. The report identified phishing and stolen or compromised credentials as the most prevalent initial attack types in India, each responsible for 18 per cent of incidents. Cloud misconfiguration followed closely at 12 per cent. Business email compromise emerged as the most expensive root cause, with an average cost of Rs 215 million per breach. Social engineering (Rs 213 million) and phishing (Rs 209 million) also contributed significantly to breach costs. Data breaches involving public clouds and multiple environments, including public cloud, private cloud, and on-premises, proved to be particularly costly. The report revealed that 34 per cent of data breaches in India involved public clouds, with an average cost of Rs 227 million. Breaches spanning multiple environments took the longest time to identify and contain, averaging 327 days. The highest breach costs in India's industrial sector averaged Rs 255 million, followed by the technology industry at Rs 243 million and the pharmaceutical sector at Rs 221 million. Globally, critical infrastructure sectors, including "healthcare, financial services, industrial, technology, and energy organisations," experienced the highest breach costs across industries. Offensive security testing, AI and machine learning-driven insights, and proactive threat hunting played crucial roles in reducing the total cost of data breaches in India. Organisations that identified and contained a breach within 200 days incurred an average cost of Rs 184 million, while those with a breach lifecycle exceeding 200 days faced an average cost of Rs 205 million. The implementation of security AI and automation significantly expedited breach identification and containment. In India, extensive use of these technologies reduced the data breach lifecycle by 112 days and lowered breach costs by an average of Rs 130 million compared to organisations without such deployments. The report reveals that 28 per cent of organisations in India are now extensively deploying security AI and automation, an increase from 20 per cent in 2023. However, there is still considerable room for growth, as 72 per cent of the studied organisations have limited (35 per cent) or no use (37 per cent) of these technologies. The TOI Business Desk is a vigilant and dedicated team of journalists committed to delivering the latest and most relevant business news from around the world to readers of The Times of India. The primary focus of the TOI Business Desk is to keep a watchful eye on the global business landscape, covering a wide spectrum of industries, markets, economic trends, in-depth analysis, exclusive reports and breaking stories that impact businesses and economies. With a mission to provide valuable insights and updates, the desk ensures that TOI readers are well-informed about the ever-changing and dynamic world of commerce and can navigate the complexities of the business world.

Cost of a data breach up at ₹19.5 crore, up by 39% since 2020

The cost of a data breach has gone up sharply since the pandemic. A new report by IBM claims that the average cost of such breaches has gone up to ₹19.50 crore, up by 39 per cent since 2020 and 9 per cent over the last year's number. The 2024 Cost of a Data Breach Report also threw light on the most common attack vectors in India. Phishing and stolen or compromised credentials were identified as the leading causes, each accounting for 18 per cent of incidents. Cloud misconfiguration followed closely at 12 per cent. Among these, business email compromise emerged as the costliest, averaging ₹21.5 crore a breach. Also read: 593 cyber attack cases reported in H1 of 2024: India Breach Report The industrial sector in India bore the brunt of these breaches, with an average cost of ₹25.5 crore. The technology and pharmaceutical sectors followed with costs of ₹24.3 crore and ₹22.1 crore respectively. This aligns with global trends, where critical infrastructure sectors like healthcare, financial services, and energy experienced the highest breach costs. The escalating costs are attributed to the growing complexity and disruptive nature of data breaches, which are placing immense strain on cybersecurity teams. The report highlights that a staggering 70 per cent of breached organisations globally experienced significant operational disruptions due to these incidents. In India, the cost surge is primarily driven by a sharp rise in expenses related to lost business and notifications. Lost business costs, encompassing operational downtime, customer attrition, and reputational damage, witnessed a substantial year-over-year increase of nearly 45 per cent. Notification costs involving informing affected parties about the breach rose by 19 per cent. Viswanath Ramaswamy, Vice President of Technology at IBM India & South Asia, said the growing costs call for a proactive and AI-powered approach to cybersecurity. He noted that as cyberattacks become more sophisticated, their impact extends beyond financial losses to encompass reputational and operational consequences. With India's impending rollout of the DPDP Act 2023 (The Digital Personal Data Protection Bill, 2023, businesses must also be prepared to address the regulatory implications of data breaches, he said. The study found that data breaches increasingly affect information stored across multiple environments. In India, 34 per cent of breaches involved data on public clouds, and 29 per cent spanned multiple environments, including public and private clouds, as well as on-premises storage. Breaches in public clouds were the most expensive, averaging ₹22.7 crore, while incidents across multiple environments took the longest to identify and contain, with an average duration of 327 days. The organisations that implemented offensive security testing, AI and machine learning-driven insights, and proactive threat hunting were able to reduce the financial impact of data breaches. Also read: CERT issues advisory against potential fishing attacks Additionally, companies that identified and contained breaches within 200 days incurred lower average costs compared to those with longer response times. AI to the rescue The report underscored the significant role of security AI and automation in accelerating breach identification and containment. In India, extensive use of these technologies reduced the data breach lifecycle by 112 days and resulted in an average cost savings of ₹13 crore. While the adoption of security AI and automation is on the rise in India, with 28 per cent of organizations now extensively deploying these solutions, there remains substantial room for growth, as 72 per cent of studied organisations reported limited or no use. The report is based on an analysis of real-world data breaches experienced by 604 organisations globally between March 2023 and February 2024. Also read: You are on hold: How customer service centres are wasting people's timeSHARE Copy linkEmailFacebookTwitterTelegramLinkedInWhatsAppRedditPublished on July 31, 2024