India Inc’s average cost of data breaches reached Rs 17.9 crore in 2023 – a 28 per cent increase since 2020, system software firm IBM Security said in a report on Tuesday.
This comes a fortnight after the Union Cabinet approved the draft of the Digital Personal Data Protection Bill (DPDP) Bill 2023 which proposes to levy a penalty of up to Rs 250 crore (instead of the initially proposed Rs 500 crores) on organisations for each data breach.
Notably, detection and escalation costs in the country surged by 45 per cent since 2020, constituting the largest portion of breach expenses. This increase indicated a shift towards more intricate and complex breach investigations.
Interestingly, the most prevalent causes of data breaches in India were phishing (22per cent) followed by compromised credentials (16 per cent) which also ranked among the top four costliest incident types. Social engineering was the costliest root cause of breaches at Rs 19.1 crore, followed by malicious insider threats, which amounted to approximately Rs 18.8 crore.
The report, which analysed real-world data breaches from over 500 corporates worldwide, stated AI and automation helped cut down the speed of breach identification and containment in four out of every 10 organisations surveyed.
In the Indian landscape, firms with extensive use of AI and automation experienced a data breach lifecycle that was 153 days shorter (225 days versus 378 days) compared to the rest. However, 80% of studied organisations have limited (37 per cent) or no use (43 per cent) of AI.
“Security AI and automation had the biggest impact on keeping breach costs down and cutting time off the investigation – and yet a majority of organisations in India still haven’t deployed these technologies,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.
“To date, investment in the cybersecurity function has been largely viewed as an expense and a burden,” said Darshit Ashara, Head of Security Research & Threat Intelligence at CloudSEK adding that organisations need to prioritise setting up policies to establish a secure posture but also make sure they are implemented.
According to the 2023 IBM report, globally businesses are divided in how they plan to handle the increasing cost and frequency of data breaches.
The report found that while 95% of organisations studied globally have experienced more than one breach, these organisations were more likely to pass incident costs onto consumers (57 per cent) than to increase security investments (51 per cent).
In India, 28 per centof data breaches studied resulted in loss of data spanning multiple types of environments — public cloud, private cloud, on-prem — indicating that attackers were able to compromise multiple environments while avoiding detection. When breached data was stored across multiple environments, it also had the highest associated breach costs (Rs 18.8 crore), and took the longest to identify and contain (327 days).
“It is essential for customers to adopt a regular exposure validation process for their security controls and diligently adhere to it,” said Shailendra Shyam Sahasrabudhe, Country Manager, India, Cymulate Ltd.
“It is clear that there is still considerable opportunity for businesses to boost detection and response speeds and help stop the ongoing trend of growing breach costs,” underscored Ramaswamy.
Deccan Herald is on WhatsApp Channels| Join now for Breaking News & Editor's Picks