At ₹17.9 crore, average cost of data breach in India at an all-time high: Report

In 2023, the average cost of data breach in India has reached an all time high of ₹17.9 crore. This is close to a 30% increase in the breach incidents in 2020, the Cost of a Data Breach report by technology company IBM revealed. 

The most common type of attack in India is phishing, which followed by stolen and compromised credentials. Social engineering, a manipulation technique to solicit information from people, was termed as the ‘costliest’ root cause of data breaches at ₹19.1 crore, followed by malicious insider threats (₹18.8 crore).

Notably, in February this, IT minister Rajeev Chandrasekar informed the Parliament that as per government body Computer Emergency Response Team’s (CERT-In) data, in 2021 and 2022, there have been 14,02,809 and 13,91,457 cybersecurity incidents, respectively. Of these, 42 and 50 attacks have been central and state government websites.

The government-backed CoWin app was reported to be the latest victim of a massive data breach. It came to light in June, where critical information of Covid-19 vaccination beneficiaries – like Aadhaar card details – was allegedly exposed on a Telegram bot. The bot was eventually taken down. “CERT-In in its initial report has pointed out that backend database for Telegram bot was not directly accessing the APIs of CoWIN database,” a government statement on June 12 said.

Further, IBM’s report states that artificial intelligence and automation can be very beneficial in identifying the breach and containing it. The study found that companies which used AI were able to limit the data breach timecycle to 225 days, compared to 378 days taken by companies which did not. Such organisations with extensive use of security AI and automation could also cut data breach costs by ₹9.5 crore.

“The report shows that security AI and automation had the biggest impact on keeping breach costs down and cutting time off the investigation – and yet a majority of organisations in India still haven’t deployed these technologies. It’s clear that there is still considerable opportunity for businesses to boost detection and response speeds and help stop the ongoing trend of growing breach costs,” said Viswanath Ramaswamy, vice president, technology, IBM India and South Asia.