IBM Report: Data Breaches in India Reach Rs 195 Million in 2024, Highest Ever
The latest IBM report has revealed that the financial impact of data breaches in India has reached an all-time high of Rs 195 million in 2024. This marks a 39% increase since 2020 and a 9% rise from the previous year.
Key Findings
The report highlights that 70% of breached organizations globally reported disruption. In India, lost business, including operational downtime, loss of customers, and reputation damage, drove a nearly 45% increase in breach costs. Notification costs rose by 19% from the previous year, and detection and escalation costs saw a slight increase of nearly 7%.
Expert Insights
Viswanath Ramaswamy, Vice President of Technology at IBM India & South Asia, emphasized the importance of a proactive and integrated AI-powered approach to cybersecurity. He noted that as cyber-attacks become more complex, their impact on organizations becomes multi-dimensional, affecting reputational, financial, and operational aspects.
Ramaswamy also highlighted the need for businesses to assess the regulatory implications of such attacks and ensure end-to-end compliance, especially with the upcoming rollout of the DPDP Act 2023.
Common Attack Types
The report identifies phishing and stolen or compromised credentials as the most common initial attack types in India, each accounting for 18% of incidents. Cloud misconfiguration followed at 12%. Business email compromise emerged as the costliest root cause, averaging Rs 215 million per breach.
Sector Impact
The industrial sector in India experienced the highest breach costs, averaging Rs 255 million. The technology industry followed at Rs 243 million, and the pharmaceutical sector at Rs 221 million.
Reducing Breach Costs
Offensive security testing, AI and machine learning-driven insights, and proactive threat hunting were key factors that helped reduce the total cost of data breaches in India. Organizations that took less than 200 days to identify and contain a breach incurred an average cost of Rs 184 million, compared to Rs 205 million for those with a breach lifecycle extending beyond 200 days.
Security AI and automation significantly accelerated breach identification and containment. Extensive use of these technologies shortened the data breach lifecycle by 112 days and reduced breach costs by an average of Rs 130 million compared to organizations without such deployments.
The report indicates that 28% of organizations in India are now extensively deploying security AI and automation, up from 20% in 2023. However, there is still substantial potential for growth, as 72% of studied organizations have limited or no use of these technologies.
Doubts Revealed
IBM -: IBM is a big company that makes computers and software. They also help other companies keep their data safe.
Data Breaches -: A data breach is when someone gets into a computer system and steals important information, like passwords or personal details.
Rs 195 Million -: Rs 195 million means 195 million rupees, which is a lot of money. It’s how much the data breaches have cost in India.
2024 -: 2024 is a year in the future. This report is predicting what will happen in that year.
39% increase -: A 39% increase means that the cost of data breaches has gone up by almost 40% since 2020.
Lost business -: Lost business means companies lose money because customers don’t trust them anymore after a data breach.
Notification costs -: Notification costs are the money spent to tell people that their data has been stolen.
AI-powered cybersecurity -: AI-powered cybersecurity uses smart computer programs to protect data from being stolen.
DPDP Act 2023 -: The DPDP Act 2023 is a law in India that helps protect people’s personal data.
Phishing -: Phishing is a trick where bad people send fake messages to steal your personal information.
Stolen credentials -: Stolen credentials are when someone takes your username and password to get into your accounts.
Public clouds -: Public clouds are online storage spaces where companies keep their data. They can be expensive to fix if they get hacked.
