The Reserve Bank of India (RBI) recently reported that the average cost of a data breach in India soared to $2.18 million in the previous year. This information was disclosed in the RBI cybersecurity report, which was released today. The report not only presented statistics on cybercrime in India but also shed light on the industries most susceptible to such attacks. Furthermore, the report outlined the steps taken by the central bank to enhance digital security within the country.
According to the RBI’s “Report on Currency and Finance,” the cost of data breaches in India has escalated by 28% since 2020. Although this growth rate exceeds the global average of 15%, it was noted that 13 other countries and regions have a higher average data breach cost.
The global outlook for cybercrime costs is projected to reach US$13.82 trillion by 2028, up from US$8.15 trillion in 2023. The average cost of a data breach has also risen to US$4.45 million in 2023, marking a 15% increase over a span of three years, as per the report.
“Recognizing the significant costs involved, most central banks worldwide have boosted their cybersecurity investment budgets by five per cent since 2020,” noted the report.
The RBI’s report highlighted phishing as the most prevalent form of cyberattack in India during the year 2023, constituting approximately 22% of all incidents. Following phishing attacks, incidents involving stolen or compromised credentials were the next most common form of cyber threats.
Furthermore, the report disclosed that the Indian Computer Emergency Response Team (CERT-In) managed a surge in security incidents from 53,117 in 2017 to 1.32 million between January and October of 2023. Unauthorized network scanning, probing, and vulnerable services accounted for more than 80% of all security incidents in India.
An in-depth analysis of cyberattacks across various industries in India revealed that the automotive sector was particularly vulnerable. The report indicated that the automotive industry faced significant threats, with smart mobility application programming interfaces (APIs) and electric vehicle (EV) charging infrastructure being identified as major attack vectors.
Despite these challenges, the Banking, Financial Services, and Insurance (BFSI) sector was identified as having comparatively better protection against cyberattacks, primarily due to stringent regulatory frameworks governing the industry.
The RBI’s report also highlighted the rise of ‘invisible risks’ or ‘dark patterns’ resulting from digitalization, where consumers are manipulated into making decisions that may not be in their best interests. The central bank emphasized the need to balance financial stability, customer protection, and fair competition within the evolving digital landscape to ensure a secure and robust digital ecosystem.
To address these concerns, the RBI implemented various measures promoting the security of digital transactions, including two-factor authentication for payments, enhanced customer control over card usage, faster resolution of transaction failures, and increased supervisory oversight through simulated phishing exercises. Additionally, comprehensive guidelines and frameworks on IT and Cyber Risk Management, including regulations on Digital Payment Security Controls and IT Services Outsourcing, were issued by the Reserve Bank.
Overall, the RBI’s cybersecurity report underscores the importance of enhancing digital security measures in India to safeguard against the rising threats of cybercrime and data breaches. By implementing proactive strategies and regulatory frameworks, the country aims to create a more secure digital environment for its citizens and businesses.