Bengaluru, July 31: The average cost of a data breach in India reached an all time high of Rs 19.5 crore this year, as the local industrial sector experienced the costliest cyber attacks across sectors, a report showed on Wednesday. The Indian industrial sector faced the highest impact from data breaches, with average cost reaching Rs 25.5 crore, followed by the technology industry at Rs 24.3 crore and the pharmaceutical sector at Rs 22.1 crore.
The cost of lost business operational downtime, lost customers and reputation damage, among others escalated nearly 45 per cent and notification costs jumped 19 per cent from the previous year, according to the annual report by tech major IBM. The most common initial attack types in India were phishing and stolen or compromised credentials, accounting for 18 per cent of incidents each, followed by cloud mis-configuration (12 per cent).
Business email compromise was the costliest root cause at an average total cost of Rs 21.5 crore per breach, followed by social engineering (Rs 21.3 crore) and phishing (Rs 20.9 crore) as the next highest costs. "Considering that India is getting ready for the roll out of the Digital Personal Data Protection (DPDP) Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance," said Viswanath Ramaswamy, Vice President, Technology, IBM India and South Asia.
Prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential, Ramaswamy added. According to the report, 34 per cent of data breaches studied in India involved data stored on public clouds and 29 per cent across multiple environments (including public cloud, private cloud and on prem).
Globally, critical infrastructure sectors such as healthcare, financial services, industrial, technology, and energy organisations incurred the highest breach costs across industries, the report mentioned.