Cybersecurity Breaches in India: Costs & Lessons for Businesses

Introduction

Brace yourself: in the first half of 2024, the average cost of a data breach in India skyrocketed to an all-time high of ₹19.5 crore. That's right—a jaw-dropping figure reported by IBM this July, marking a 9% surge from last year and an astonishing 39% jump since 2020. But it’s not just the financial toll that’s devastating. These breaches bring businesses to a grinding halt, with 70% of affected organizations worldwide reporting major operational disruptions. The message is clear: the cost of a data breach is more than just money—it's business paralysis. With cyberattacks on the rise in India, we’re seeing a wave of costly data breaches that devastate both financially and reputationally. 

‍

With digitalization being the corporate world's supreme commander, the cyber attack rate is skyrocketing. In its 2023-24 Report on Currency and Finance (RCF), the RBI warned that the digital shift in consumer and financial intermediary behaviors could shake up monetary policy in unexpected ways.  Let's dive into some real-life cases that show the severe impacts of these breaches and how cyber insurance can cushion the blow.

The True Cost of Cybersecurity Breaches in India

Cybersecurity often goes hand in hand with data breaches and businesses often have to spend a fortune to collect themselves back. These breaches often occur due to weaknesses in technology or lapses in user behavior—whether it’s an outdated system, a careless click on a phishing email, or simply poor password practices.

So, what does data breach mean?

A data breach occurs when sensitive and private information—such as social security numbers, bank details, medical records, or critical business data like customer info, intellectual property, or financial records—falls into the hands of an unauthorized party. Essentially, a data breach is a security break that opens up access to data meant to stay private. Having said all that, it’s now high time to look at some of the documented data breaches that have shaken the nation.

Why Do You Need A Cyber Insurance?

‍

If you think your business is too small to attract cybercriminals, think again! Cyberattacks don’t discriminate. They’re just as likely to target startups as they are industry giants, especially those with valuable customer data or financial records.

‍

Here’s how cyber insurance can protect your business from cyberattack-related costs:

‍

• Covering Legal Expenses and Fines: A cyber breach often brings regulatory scrutiny. Cyber insurance helps cover legal fees and any fines from regulatory bodies, reducing the burden on your company.
• Data Recovery Costs: Recovering compromised or lost data can be time-consuming and costly. With cyber insurance, you’re protected against data recovery costs, allowing you to get back to business as quickly as possible.
• Public Relations and Reputation Management: After a breach, companies often need to launch campaigns to restore trust. Cyber insurance can cover PR expenses, helping you reconnect with customers and regain their confidence.

Notification and Customer Protection Costs: When a breach exposes sensitive customer data, notifying affected customers and offering credit monitoring services is critical—and expensive. Cyber insurance can cover these costs, ensuring your customers feel protected and valued.

Choosing the Right Cyber Insurance for Your Business:

‍

Not all cyber insurance policies are created equal. It’s essential to understand what’s included and select a policy tailored to your needs. When evaluating a cyber insurance policy, consider the following:

‍

• Extent of Coverage: Ensure that the policy covers major risks, from ransomware and data breaches to liability for leaked third-party information.
• Incident Response Services: Many insurers provide immediate access to a cyber incident response team, helping you act fast to contain the breach and minimize damages.

Reputation Repair: Look for a policy that offers PR support to help rebuild your brand’s image and assure customers that their data is safe with you.

What Rights Does the DPDPA Hand Over to You?

‍

The Digital Personal Data Protection Act, 2023 (DPDPA) just made personal data rights a whole lot clearer—and, let’s be honest, more powerful for consumers. Under this act, you’re not just any consumer; you’re the Data Principal, with five crucial rights to take control of your data.

‍

Here’s the rundown, as laid out by Akshayy S Nanda, Partner at Saraf and Partners:

‍

• Right to Access Information: Ever wonder what data companies are collecting on you? Now, you can find out. This right lets you ask for details on exactly what’s being processed, why, and which third parties they’re sharing it with. Knowledge is power, right?
• Right to Correction: Is outdated or incorrect info floating around? You can demand they update or correct any inaccuracies in your data.
• Right to Erasure: Say goodbye to data you don’t want floating in their servers anymore. If your data’s purpose has expired or you’ve withdrawn consent, you can insist on its deletion.
• Right to Grievance Redressal: Tired of privacy issues getting ignored? Not anymore. This right gives you a direct route to file complaints and get timely solutions when your data privacy feels compromised.

Right to Nominate: Here’s a unique one: you can appoint someone to handle your data protection rights if you’re incapacitated or pass away. Because your data rights shouldn’t end with you!