Average Cost Of Data Breach In India Reaches All-Time High Of Rs 19.5 Crore
The most common initial attack types in India were phishing and stolen or compromised credentials, accounting for 18% incidents each.
IBM's latest annual Cost of a Data Breach Report reveals the average cost of a data breach in India has reached an all-time high of Rs 195 million, or Rs 19.5 crore, in 2024.
Breach costs have jumped 39% since 2020 and 9% from the previous year, as they grow more disruptive and further expand demands on cyber teams. Globally, 70% of breached organisations reported that breaches caused significant or very significant disruption.
Lost business and notification costs drove the year-over-year cost spike in India, as the collateral damage from data breaches has only intensified. The cost of lost business—operational downtime, lost customers, and reputation damage, among others—has escalated nearly 45%, and notification costs jumped 19% from the previous year.
The slight rise in detection and escalation costs (almost 7% over the same time frame), reflects the complexity of breach investigations, and once again represents the highest portion of breach costs in India.
"The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects."
"Considering that India is getting ready for the rollout of the DPDP Act, 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential,” said Viswanath Ramaswamy, vice-president of technology at IBM India and South Asia.
Prominent Attack Vectors
The most common initial attack types in India were phishing and stolen or compromised credentials, accounting for 18% incidents each. This was followed by cloud misconfiguration (12%). Business email compromise was the costliest root cause at an average total cost of Rs 215 million per breach, followed by social engineering (Rs 213 million) and phishing (Rs 209 million) as the next highest costs.
Data Breached Across Multiple Environments
According to the 2024 report, 34% of data breaches studied in India involved data stored on public clouds and 29% across multiple environments (including public cloud, private cloud and on premise). Breached data, stored on public clouds, represented the highest costs at Rs 227 million, while incidents spanning multiple environments took the longest to identify and contain (327 days).
Industries Impacted
The Indian industrial sector faced the highest impact from data breaches, with average cost reaching Rs 255 million, followed by the technology industry at Rs 243 million and the pharmaceutical sector at Rs 221 million. Globally, critical infrastructure sectors—such as healthcare, financial services, industrial, technology, and energy organisations—incurred the highest breach costs across industries.
Key Factors That Decreased Costs
In India, offensive security testing (such as red teaming and pen/vulnerability testing), implementing AI and machine learning-driven insights, and conducting proactive threat hunting were some of the factors that helped studied organisations decrease the total cost of data breaches.
Time Dimension
Time is another relevant factor in India, as the report also found that organisations which took less than 200 days to identify and contain a data breach, incurred an average cost of Rs 184 million. By contrast, organisations with a data breach lifecycle extending beyond 200 days incurred an average cost of Rs 205 million.
The Case For Security AI And Automation
Continuing the trend from the 2023 report, security AI and automation played a significant role in accelerating the speed of breach identification and containment for organisations studied.
In India, when these technologies were used extensively, local companies shortened the data breach lifecycle by 112 days and incurred an average of Rs 130 million less in breach costs, compared to organisations without security AI and automation deployments.
In this context, the report reflected that 28% of organisations in India are now extensively deploying security AI and automation, as compared to 20% in 2023. However, there remains significant potential for growth in India, as currently 72% of studied organisations have limited (35%) or no use (37%) of security AI and automation.
