Average cost of data breach in India reached an all-time high of Rs 195 Million, says IBM Report

The latest IBM cost of a data breach report has revealed a significant rise in the financial impact of data breaches in India, reaching an all-time high of Rs 195 million in 2024. This marks a 39% increase since 2020 and a 9% rise from the previous year.

The report highlights that 70% of breached organisations globally reported disruption. In India, lost business -- including operational downtime, loss of customers, and reputation damage -- drove about 45% increase in breach costs, while notification costs rose by 19% from the previous year.

Detection and escalation costs also saw a slight increase of nearly 7%, reflecting the intricate nature of breach investigations, which continue to represent the highest portion of breach costs in the country.

Viswanath Ramaswamy, Vice President, of Technology, IBM India & South Asia, said, "The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects."

He added, "Considering that India is getting ready for the rollout of the DPDP (Digital Personal Data Protection) Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential."

The report identifies phishing and stolen or compromised credentials as the most common initial attack types in India, each accounting for 18% of incidents.

Cloud misconfiguration followed at 12%. Business email compromise emerged as the costliest root cause, averaging Rs 215 million per breach, with social engineering (Rs 213 million) and phishing (Rs 209 million) also contributing to breach costs. Data breaches involving public clouds and multiple environments (including public cloud, private cloud, and on-premises) were particularly costly.

The report found that 34% of data breaches in India involved public clouds, with an average cost of Rs 227 million. Breaches spanning multiple environments took the longest to identify and contain, averaging 327 days.

The industrial sector in India experienced the highest breach costs, averaging Rs 255 million. The technology industry followed at Rs 243 million, and the pharmaceutical sector at Rs 221 million. Globally, critical infrastructure sectors -- such as healthcare, financial services, industrial, technology, and energy organisations -- incurred the highest breach costs across industries.

Offensive security testing, AI and machine learning-driven insights, and proactive threat hunting were key factors that helped reduce the total cost of data breaches in India. Organisations that took less than 200 days to identify and contain a breach incurred an average cost of Rs 184 million, compared to Rs 205 million for those with a breach lifecycle extending beyond 200 days.

Security AI and automation significantly accelerated breach identification and containment. In India, extensive use of these technologies shortened the data breach lifecycle by 112 days and reduced breach costs by an average of Rs 130 million, compared to organisations without such deployments.

The report indicates that 28% of organisations in India are now extensively deploying security AI and automation, up from 20% in 2023.

However, there is still substantial potential for growth, as 72%of studied organisations have limited (35%) or no use (37%) of these technologies.