The average cost incurred because of a data breach in India reached an all-time high of Rs 19.5 crore in 2024, United States-based technology firm IBM said in a report on Wednesday.

A data breach is a security incident where unauthorised parties access sensitive or confidential information, including personal and corporate data.

IBM’s annual “Cost of a Data Breach Report” said that the cost of such breaches had jumped 39% since 2020. “Globally, 70% of breached organisations reported that the breach caused significant or very significant disruption,” the report added.

The findings were based on analysis of data breaches experienced by 604 organisations globally between March 2023 and February 2024. The research was conducted by the Ponemon Institute, and was sponsored and analysed by IBM.

It attributed the spike in the cost of data breaches in India to lost businesses and notification costs. “The cost of lost business – operational downtime, lost customers, and reputation damage, among others – escalated nearly 45%, and notification costs jumped 19% from the previous year,” it said.

Lost business typically refers to the loss of revenue, customers or market share due to various factors, including data breaches.

Notification costs refers to the expenses incurred when using an external party to notify individuals or firms about a data breach or a security incident where their personal information has been compromised.

According to the report, phishing and stolen or compromised credentials accounted for 18% of the most common cyberattack types in India. This was followed by cloud misconfiguration at 12%.

At an average cost of Rs 21.5 crore per breach, business emails getting compromised was the costliest, the report noted. This was followed by “social engineering” attacks at Rs 21.3 crore and phishing at Rs 20.9 crore.

Social engineering attacks refer to persons getting manipulated into sharing information that they should not share, visiting websites they should not visit or making mistakes online that compromise their personal or organisational security, according to IBM.

In India, the industrial sector was the most-affected by data breaches with an average cost of this was Rs 25.5 crore, the report said. It was followed by the technology industry at Rs 24.3 crore and the pharmaceutical sector at Rs 22.1 crore.

“Globally, critical infrastructure sectors – such as healthcare, financial services, industrial, technology, and energy organisations – incurred the highest breach costs across industries,” the report said.

The study came days after the Centre confirmed that there had been a data breach in the systems of state-owned telecom firm Bharat Sanchar Nigam Limited in May.

In June, Athenian Tech, a London-based cyber security company, said in a report that the “breach involves a substantial amount of sensitive data including International Mobile Subscriber Identity [IMSI] numbers, SIM card information, and Home Location Register [HLR] details, among other critical data”.

The data was “critical” as it enabled hackers to possibly gain access to Bharat Sanchar Nigam Limited’s networks and clone users’ SIM cards, the report added.

Earlier this year, a report said that a total of 53 lakh Indian online accounts faced data breaches in 2023.