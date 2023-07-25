The annual Cost of a Data Breach report found that detection and escalation costs jumped 45 percent in India since 2020, representing the highest portion of breach costs and indicating a shift towards more complex breach investigations.

The average cost of a data breach in India soared to an all-time high of Rs 17.9 crore in 2023, marking a significant 28 percent increase since 2020, according to IBM Security's annual Cost of a Data Breach report. The report analysed real-world data breaches from over 500 organisations worldwide and highlighted some crucial insights.

The most prevalent and expensive causes of data breaches in India were phishing, social engineering, and compromised credentials. Notably, detection and escalation costs in the country surged by 45 percent since 2020, constituting the largest portion of breach expenses. This increase indicated a shift towards more intricate and complex breach investigations.

Phishing and social engineering among the top causes of breaches

Phishing accounted for nearly 22 percent of the data breaches studied, making it the most common attack type in India. Stolen or compromised credentials followed closely, contributing to 16 percent of the breaches.

Among the root causes of these breaches, social engineering emerged as the most costly, resulting in losses of approximately Rs 19.1 crore. Malicious insider threats were the second most expensive, causing damages amounting to approximately Rs 18.8 crore.

Businesses divided on how to handle rising breach costs

The global response to the rising cost and frequency of data breaches varied among businesses. The report revealed that while 95 percent of organisations globally experienced multiple breaches. Breached organisations were more likely to pass incident costs onto consumers (57 percent) rather than increasing security investments (51 percent). This indicated a differing approach in managing the consequences of data breaches on a global scale.

“With cyberattacks growing in pace and cost in India, businesses must invest in modern security strategies and solutions to stay resilient. The report shows that security AI (Artificial intelligence) and automation had the biggest impact on keeping breach costs down and cutting time off the investigation - and yet a majority of organisations in India still haven’t deployed these technologies,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.

Multi-environment breaches pose higher risks and costs

The report also revealed that 28 percent of data breaches studied in India resulted in the loss of data spanning multiple types of environments (i.e., public cloud, private cloud, on-prem) – indicating that attackers were able to compromise various environments while avoiding detection.

When breached data was stored across multiple environments, it also had the highest associated breach costs (Rs 18.8 crore) and took the longest to identify and contain (327 days).

AI and automation can reduce breach costs and speed up response

The report highlighted the need for AI and automation to speed up breach response and reduce costs in India. Companies with extensive use of AI and automation experienced a data breach lifecycle that was 153 days shorter compared to studied organisations that have not deployed these technologies (225 days versus 378 days).

Moreover, studied organisations that extensively deployed security AI and automation saw nearly Rs 9.50 crore lower data breach costs than organisations that didn’t deploy these technologies – the biggest cost saver identified in the report. However, 80 percent of studied organisations in India have limited (37 percent) or no use (43 percent) of AI and automation.