India Data Breach Costs Soar to ₹22 Crore

The average cost of a data breach in India surged to an all-time high of ₹22 crore in 2025, marking a 13% increase from last year, according to IBM’s Cost of a Data Breach report.

The report, released on Thursday, flags a growing gap between the pace of artificial intelligence (AI) adoption and the implementation of adequate security and governance measures to protect AI systems.

This is the first time IBM's annual report—based on analysis of nearly 6,500 breaches over 20 years—has tracked AI-related security practices. While AI-related breaches are still relatively few, the findings suggest that unregulated AI systems are becoming an attractive target for cybercriminals.

“India’s accelerating AI adoption brings immense opportunity, but it’s also exposing enterprises to new and complex cyber threats,” said Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia. “The absence of access controls and AI governance tools are not just a technical oversight, it’s a strategic vulnerability.”

IBM’s study found that nearly 60% of Indian organisations that experienced a breach either had no AI governance policies in place or were still developing them. Only 37% had implemented AI access controls. Alarmingly, among the few with governance policies, just 34% actually use AI-specific governance technology.

One of the most striking findings was the financial toll of shadow AI—the use of unregulated AI tools outside the purview of an organisation’s IT or security teams. Shadow AI was among the top three cost amplifiers, adding an average of ₹1.79 crore to breach costs in India.

Phishing remained the top initial attack vector in India (18%), followed closely by third-party vendor and supply chain compromise (17%) and vulnerability exploitation (13%).

Despite clear evidence that AI-driven security automation can dramatically reduce breach costs—nearly halving them—73% of surveyed Indian organisations reported limited or no use of such tools.

The research sector saw the highest average breach cost at ₹28.9 crore, followed by transportation (₹28.8 crore) and industrials (₹26.4 crore), the latter having topped the list in 2024.

On a positive note, breach lifecycle times in India hit a record low, dropping to 263 days—a 15-day improvement over last year—as organisations improved their ability to detect and contain threats.

Also Read: US federal judiciary’s electronic case system breached in major cyberattack: Report