New Delhi: The average cost of a data breach in India has seen a 28 per cent increase since 2020, reaching Rs 17.9 crore in 2023, according to IBM.
IBM published the report “Cost of a Data Breach” Monday, based on the findings of independent research conducted by the Ponemon Institute in Michigan.
The report also highlighted the importance of investments in security-related Artificial Intelligence and automation to reduce costs and time spent on the investigation of breaches.
“The overall mean time to identify and contain a data breach was 277 days or just over nine months,” the report noted. “That figure has remained relatively constant over the past few years of the report.”
“Organisations that used these capabilities extensively within their approach experienced, on average, a 108-day shorter time to identify and contain the breach,” IBM said in a release that accompanied the report.
Emphasising the need to switch to modern security strategies, Viswanath Ramaswamy, Vice President of Technology of IBM India and South Asia stated that “a majority of organisations in India still haven’t deployed these technologies”.
Data breaches in India
A data breach, as defined by the report, is a security violation in which unauthorised parties gain access to sensitive or confidential corporate data, including customer data records, intellectual property, and financial information.
The report pointed out that, globally, the healthcare sector continues to experience the highest data breach costs of all industries, with costs increasing 8.2 per cent to $10.93 million in 2023.
The susceptibility of the Indian healthcare industry to data breaches made news recently when reports about leaks from the government’s CoWin portal resurfaced in June this year.
The findings particular to India are derived from a collection of data breaches at 51 Indian organisations that took place between March 2022 and March 2023.
The report identified that social engineering, which includes attacks that rely on human interaction over technical hacking, was the costliest root cause of such data breaches, pegged at Rs 19.1 crore in 2023. The second-costliest type of breach was malicious insider threats, which are security risks arising from within the targeted organisation.
In India, phishing is the most common form of data breach, the report found. Over 22 per cent of data breaches involved the perpetrator masquerading as a legitimate business or individual. Spam emails from fake websites were some popular examples of phishing.
Over 16 per cent of data breaches occurred on account of stolen or compromised credentials, the report added.
Data breaches threaten organisations through increased identity thefts, frauds and scams. This leads to severe reputation damage for businesses, IBM said.
Also read: Despite 62% drop in data breaches, India among top 5 nations targeted by hackers, study finds