New Delhi: The average cost of data breaches in India surged to $2.18 million (Rs 18.25 crore) in 2023, a 28 per cent jump since 2020, according to a report released by the Reserve Bank of India (RBI) on Monday.
As per the RBI's Currency and Finance report for 2023-24, the most common data breach attacks in India is phishing (22per cent), followed by stolen or compromised credentials (16per cent).
Industry-wise distribution of cyber attacks in India shows that the automotive industry is the most vulnerable, with smart mobility application programming interfaces (APIs) and electric vehicle (EV) charging infrastructure emerging as major attack vectors.
Banking and financial services sector, which is governed by well-defined regulations, is relatively protected from such attacks, the report said.
Despite a sharp increase the cost of data breach in India remains below the global average. The global average cost of data breach increased to $4.45 million in 2023, a 15per cent increase in three years.
In the United States the average cost of data breach is close to $10 million. The cost of data breaches in the Middle East, Canada, Germany, Japan and the United Kingdom are among the highest.
Although the report did not specify what the cost comprises of or who it is borne by, data breach normally leads to financial losses in the form of fines and penalties, remediation costs, loss of potential profits, investments in new security measures and loss of opportunities costs among others.
Globally, cybercrime costs are expected to reach $13.82 trillion by 2028, up from $8.15 trillion in 2023.
Recognising the significant costs involved, most central banks have increased their cyber security investment budgets by 5per cent since 2020, the RBI noted in the report.
Digitalisation is also giving rise to certain ‘invisible risks’ or ‘dark patterns’, whereby consumers are tricked into making decisions detrimental to their interests, the RBI said.
“The use of extensive customer data by companies raises concerns about data protection and privacy, potentially compromising customer trust and security,” the report added.
With the increasing adoption of digital payments, the share of complaints related to mobile/electronic banking, ATM/debit cards and credit cards received in the offices of the RBI ombudsman accounted for 47% of total complaints in 2022-23.
In foreword to the report, RBI Governor Shaktikanta Das underlined that the digitalisation in finance is paving the way for next-generation banking; improving access to financial services at affordable costs; and enhancing the impact of direct benefit transfers by effective targeting of beneficiaries in a cost-efficient manner. Loans in the retail segment are being enabled by online payments and innovative credit assessment models with instant disbursements.
“At the same time, digitalisation also presents challenges related to cybersecurity, data privacy, data bias, vendor and third-party risks, and customer protection. Increased inter-connectedness may lead to systemic risks,” the governor said.To tackle issues relating to misuse of data, the Reserve Bank has implemented data localisation for payments data and issued guidelines preventing digital lending applications from accessing private information without the explicit consent of users, the central bank underlined in the report.