Avg data breach cost in India rises 28% in 3 years

The average cost of a data breach in India has increased by 28% within three years since the pandemic to $2.18 million in 2023, reveals a recent RBI Report on Currency and Finance for the year 2023-24. The national average cost of a data breach, however, remains almost half as low as the global average which stood at $4.45 million last year with a 15% rise over three years.

Quoting an IBM 2023 report, the RBI report on India’s Digital Revolution revealed that of these 22%, the most common ones were cases of phishing where a perpetrator masquerades as a legitimate individual or business to acquire sensitive data, such as a bank account numbers, followed by 16% of cases of stolen or compromised credentials. While the report did not detail the specifics of these costs as in what these comprised or who were these borne by, the report mentioned that central banks across the globe have increased their security investments by five% since the pandemic.

The RBI report reveals that security incidents handled by the Indian Computer Emergency Response Team (CERT-In), rose nearly 2385% from 53,117 in 2017 to 13.20 lakh between January and October 2023. The majority of these incidents, over 80%, involve unauthorised network scanning, probing, and vulnerable services.

According to industry-wise data on cyber-attacks in India, the automotive industry is the most vulnerable, with smart mobility application programming interfaces (APIs) and electric vehicle (EV) charging infrastructure identified as major attack vectors. In contrast, the banking and financial services industry (BFSI), governed by stringent regulations, is relatively protected from such threats.

The report notes that India accounts for 48.5% of the global real-time payments market. Domestic digital payments have registered a compound annual growth rate of 50% in volume and 10% in value since 2017.
Supported by the country’s robust digital public infrastructure, dynamic FinTech ecosystem, and conducive policy environment, digital payments currently make up about 10% of the nation's GDP and are projected to reach 20% by 2026.

The increasing adoption of digital payments has led to a significant rise in complaints related to mobile/electronic banking, ATM/debit cards, and credit cards, accounting for 47% of total complaints received by the RBI ombudsman in 2022-23.

While digital financial innovations like digital lending platforms and buy-now-pay-later (BNPL) services enhance customer convenience, they also present challenges such as high charges, coercive recovery practices, and hidden fees.

In India, BNPL constitutes around 3% of total e-commerce finance by value and is projected to grow annually by 74%, reaching a US$ 56 billion market by 2026. However, the model's reliance on late fees for profitability can be predatory for customers. The seamless nature of digital technologies can also encourage impulsive spending and debt accumulation.

Moreover, the use of extensive customer data by companies raises concerns about data protection and privacy, potentially compromising customer trust and security.

In India, three-fourths of business-to-consumer (B2C) FinTech applications request access to sensitive data like camera, photo/media/files, location, and storage. India is among the top ten countries in embedded finance revenue, expected to grow at a CAGR of 30.4% over 2022-29, reaching US$ 21.1 billion by 2029. While cross-selling and embedded finance models enhance convenience, they may also raise anti-competition concerns due to bundled services.