INDIA, Bengaluru, July 31, 2024-- IBM (NYSE: IBM) today released its annual Cost of a Data Breach Report revealing the average cost of a data breach in India reached an all-time high of INR 195 million in 2024. Breach costs jumped 39% since 2020 and 9% from the prior year, as breaches grow more disruptive and further expand demands on cyber teams. Globally, 70% of breached organizations reported that the breach caused significant or very significant disruption.

Lost business and notification costs drove the year-over-year cost spike in India, as the collateral damage from data breaches has only intensified. The cost of lost business —operational downtime, lost customers, and reputation damage, among others— escalated nearly 45%, and notification costs jumped 19% from the previous year. The slight rise in detection and escalation costs (almost 7% over the same time frame), reflects the complexity of breach investigations, and once again represents the highest portion of breach costs in India.

"The findings from this year's IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organizations becomes multi-dimensional, affecting reputational, financial and operational aspects. Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritizing data security and safeguarding critical assets to help ensure that only the right people have access to organizational resources is essential,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.

Prominent attack vectors

The most common initial attack types in India were phishing and stolen or compromised credentials, accounting for 18% of incidents each. Followed by cloud misconfiguration (12%). Business email compromise was the costliest root cause at an average total cost of INR 215 million per breach, followed by social engineering (INR 213 million) and phishing (INR 209 million) as the next highest costs.

Data breached across multiple environments

According to the 2024 report, 34% of data breaches studied in India involved data stored on public clouds and 29% across multiple environments (including public cloud, private cloud and on-prem). Breached data stored on public clouds represented the highest costs (INR 227 million), while incidents spanning multiple environments took the longest to identify and contain (327 days).

Industries impacted

The Indian industrial sector faced the highest impact from data breaches, with average cost reaching INR 255 million, followed by the technology industry at INR 243 million and the pharmaceutical sector at INR 221 million. Globally, critical infrastructure sectors - such as healthcare, financial services, industrial, technology, and energy organizations - incurred the highest breach costs across industries.

Key factors that decreased costs

In India, offensive security testing (such as red teaming and pen/vulnerability testing), implementing AI and machine learning-driven insights, and conducting proactive threat hunting were some of the factors that helped studied organizations decrease the total cost of data breaches.

Time dimension

Time is another relevant factor in India, as the report also found that organizations which took less than 200 days to identify and contain a data breach incurred an average cost of INR 184 million. By contrast, organizations with a data breach lifecycle extending beyond 200 days incurred an average cost of INR 205 million.

The case for security AI and automation

Continuing the trend from the 2023 report, security AI and automation played a significant role in accelerating the speed of breach identification and containment for organizations studied. In India, when these technologies were used extensively, local companies shortened the data breach lifecycle by 112 days and incurred an average INR 130 million less in breach costs, compared to organizations without security AI and automation deployments.

In this context, the report reflected that 28% of organizations in India are now extensively deploying security AI and automation, compared to 20% in 2023. However, there remains significant potential for growth in India, as currently 72% of studied organizations have limited (35%) or no use (37%) of security AI and automation.

About the report

The 2024 Cost of a Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024. The research, conducted by Ponemon Institute, and sponsored and analyzed by IBM, has been published for 19 consecutive years and has studied the breaches of more than 6,000 organizations, becoming an industry benchmark. 

Additional Sources

• Download a copy of the 2024 Cost of a Data Breach Report.
• Sign up for the 2024 IBM Security Cost of a Data Breach webinar on Tuesday, August 13, 2024, at 11:00 a.m. ET. 
• Read more about the report's top findings in this IBM Security Intelligence blog.

About IBM
IBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. More than 4,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity and service. Visit ibm.com for more information.

Media contact:
Lakshmi Visakha K B
lakshmi.visakha@ibm.com