A recently released annual report on the ‘Cost of a Data Breach’ by IBM revealed that the average data breach cost in India reached a new record high of Rs 17.9 crore in 2023, indicating an increase of a whopping 28% since 2020. The most expensive root cause of breaches included social engineering, followed by malicious insider threats. In terms of the frequency of attack, phishing was reported most frequently occurring attack type in India, at nearly 22%, followed by stolen or compromised credentials at 16%.
According to IBM, 28% of data breaches in India resulted in data loss across multiple environments, including public cloud, private cloud, and on-premise, suggesting that attackers could compromise multiple environments without being detected. Moreover, when breached data was stored across multiple environments, it had the highest associated breach costs, amounting to Rs 18.8 crore, and took the longest time to identify and contain, which was 327 days.
On the brighter side, using AI and automation significantly improved breach identification and containment speed for the organisations studied. The report clarified how Indian companies using AI and automation extensively reduced the data breach lifecycle by 153 days. These organisations also witnessed lowered costs of approximately Rs 9.5 crores vis-à-vis companies that did not use AI and automation.
Currently, India does not have a data protection law in place. However, Section 43A of the IT Act enables parties impacted by data breaches to seek compensation from corporate bodies. Unfortunately, this provision has rarely been implemented. However, India’s data protection bill is expected to be presented to parliament during the ongoing monsoon session.