The most common attack type in India is phishing (approx. 22 per cent), followed by stolen or compromised credentials (16 per cent). Social engineering was the costliest root cause of breaches at Rs 19.1 crore, followed by malicious insider threats, which amounted to nearly Rs 18.8 crore.
In 2023, the average cost of a data breach in India hit a record high of ₹17.9 crore, marking a significant 28% increase since 2020, according to IBM Security’s Data Breach Report. Detection and escalation expenses rose by 45 per cent, making up the largest portion of breach costs, signalling more complex breach investigations. Phishing attacks were the most common in India, accounting for nearly 22%, followed by stolen credentials at 16%. Social engineering caused the most expensive breaches at ₹19.1 crore, followed by malicious insider threats at around ₹18.8 crore.
With the rise in cyberattacks in India, businesses should invest in modern security solutions. The report highlighted that security AI and automation had the most significant impact on reducing breach costs and investigation time, yet many Indian organisations have not adopted these technologies.
Globally, organisations are divided on how to address the increasing cost and frequency of data breaches. While 95 per cent of studied organisations experienced multiple breaches, they were more likely to pass the costs onto consumers (57 per cent ) rather than increasing security investments (51 per cent ).
A notable finding in India was that 28 per cent of data breaches affected multiple types of environments, such as public cloud, private cloud, and on-premises, indicating attackers’ ability to compromise various environments without detection. When data was breached across multiple environments, it incurred the highest breach costs at ₹18.8 crore and took the longest to identify and contain, averaging 327 days.
The extensive use of AI and automation significantly sped up breach identification and containment, reducing the data breach lifecycle by 153 days compared to organisations without these technologies (225 days versus 378 days). Organisations in India that embraced security AI and automation saw nearly ₹95 million lower data breach costs, making it the most significant cost-saving factor highlighted in the report.
