According to the Reserve Bank of India (RBI), the average cost of a data breach in India reached $2.18 million last year. The RBI cybersecurity report, released by the central bank today, shared statistics on cybercrime in India, along with details on the most vulnerable industries. The report also highlighted measures taken by the bank to make the country more digitally secure for its citizens.
The RBI’s “Report on Currency and Finance” notes that data breaches in India have gotten 28% more expensive since 2020. While that’s faster than the overall global growth rate of 15%, the report notes that 13 countries and regions have a higher average data breach cost.
“Globally, cybercrime costs are expected to reach US$13.82 trillion by 2028, up from US$8.15 trillion in 2023. The average cost of a data breach has also risen to US$4.45 million in 2023, a 15 per cent increase over three years,” said the report.
“Recognizing the significant costs involved, most central banks have increased their cyber security investment budgets by five per cent since 2020,” the report said.
RBI Cybersecurity Report in Detail
In its report, the RBI pointed out that phishing was the most predominant form of cyberattack in India through 2023, accounting for about 22 percent of incidents, followed by incidents involving stolen or compromised credentials.
“The most common attacks in India are phishing (22 per cent), followed by stolen or compromised credentials (16 per cent),” the report said.
The number of security incidents managed by the Indian Computer Emergency Response Team (CERT-In) surged from 53,117 in 2017 to 1.32 million between January and October 2023, the report noted.
“Unauthorised network scanning, probing, vulnerable services account for more than 80 per cent of all security incidents in India,” the report found.
In an analysis of cyberattacks across various industries in India, the report concluded that the automotive sector was the most vulnerable.
“Industry-wise distribution of cyberattacks in India shows that the automotive industry is the most vulnerable, with smart mobility application programming interfaces (APIs) and electric vehicle (EV) charging infrastructure emerging as major attack vectors,” the RBI report said.
Financial Services Better Protected
The Banking, Financial Services, and Insurance (BFSI) sector, governed by stringent regulations, enjoys comparatively better protection against such attacks, it added.
“With the increasing adoption of digital payments, the share of complaints related to mobile/electronic banking, ATM/debit cards and credit cards received in the offices of the RBI ombudsman accounted for 47 per cent of total complaints in 2022-23,” the report added.
The apex bank also highlighted that digitalization is leading to the emergence of ‘invisible risks’ or ‘dark patterns’, where consumers are manipulated into making choices that are harmful to their interests.
“While digital technologies offer various opportunities for India, such as faster growth, financial inclusion and seamless fiscal transfers and cross-border payments, they also present challenges related to cybersecurity, data privacy and concentration risks. Balancing financial stability, customer protection and fair competition in this dynamic landscape, the Reserve Bank is actively involved in developing a safe, efficient and robust digital ecosystem,” the report said.
“The measures implemented in India to promote security of digital transactions include two-factor authentication for digital payments, increased customer control over card usage, faster turnaround time for transaction failures, augmented supervisory oversight with simulated phishing exercises,” the report said. The Reserve Bank also issued comprehensive guidelines and frameworks for IT and Cyber Risk management, encompassing regulations on Digital Payment Security Controls and IT Services Outsourcing.