IBM released its annual Cost of a Data Breach Report revealing the average cost of a data breach in India reached an all-time high of INR 195 million in 2024. Breach costs jumped 39% since 2020 and 9% from the prior year, as breaches grow more disruptive and further expand demands on cyber teams. Globally, 70% of breached organisations reported that the breach caused significant or very significant disruption.
Lost business and notification costs drove the year-over-year cost spike in India, as the collateral damage from data breaches has only intensified. The cost of lost business —operational downtime, lost customers, and reputation damage, among others— escalated nearly 45%, and notification costs jumped 19% from the previous year. The slight rise in detection and escalation costs (almost 7% over the same time frame), reflects the complexity of breach investigations, and once again represents the highest portion of breach costs in India.
“The findings from this year’s IBM Cost of a Data Breach Report reinforce the importance of a proactive and integrated AI-powered approach to cybersecurity. As cyber-attacks gain pace and complexity, their impact on organisations becomes multi-dimensional, affecting reputational, financial and operational aspects. Considering that India is getting ready for the rollout of the DPDP Act 2023, businesses also need to assess the regulatory implications of such attacks and ensure end-to-end compliance. Therefore, prioritising data security and safeguarding critical assets to help ensure that only the right people have access to organisational resources is essential,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia.
Prominent attack vectors
The most common initial attack types in India were phishing and stolen or compromised credentials, accounting for 18% of incidents each. Followed by cloud misconfiguration (12%). Business email compromise was the costliest root cause at an average total cost of INR 215 million per breach, followed by social engineering (INR 213 million) and phishing (INR 209 million) as the next highest costs.
Data breached across multiple environments
According to the 2024 report, 34% of data breaches studied in India involved data stored on public clouds and 29% across multiple environments (including public cloud, private cloud and on-prem). Breached data stored on public clouds represented the highest costs (INR 227 million), while incidents spanning multiple environments took the longest to identify and contain (327 days).
Industries impacted
The Indian industrial sector faced the highest impact from data breaches, with average cost reaching INR 255 million, followed by the technology industry at INR 243 million and the pharmaceutical sector at INR 221 million. Globally, critical infrastructure sectors – such as healthcare, financial services, industrial, technology, and energy organisations – incurred the highest breach costs across industries.
Key factors that decreased costs
In India, offensive security testing (such as red teaming and pen/vulnerability testing), implementing AI and machine learning-driven insights, and conducting proactive threat hunting were some of the factors that helped studied organisations decrease the total cost of data breaches.
Time dimension
Time is another relevant factor in India, as the report also found that organisations which took less than 200 days to identify and contain a data breach incurred an average cost of INR 184 million. By contrast, organisations with a data breach lifecycle extending beyond 200 days incurred an average cost of INR 205 million.
The case for security AI and automation
Continuing the trend from the 2023 report, security AI and automation played a significant role in accelerating the speed of breach identification and containment for organisations studied. In India, when these technologies were used extensively, local companies shortened the data breach lifecycle by 112 days and incurred an average INR 130 million less in breach costs, compared to organisations without security AI and automation deployments.
In this context, the report reflected that 28% of organisations in India are now extensively deploying security AI and automation, compared to 20% in 2023. However, there remains significant potential for growth in India, as currently 72% of studied organisations have limited (35%) or no use (37%) of security AI and automation.