Of the 2,130 security incidents and 523 confirmed breaches in the APAC region, system intrusion, social engineering, and basic web application attacks represent 95 per cent of breaches, according to Verizon Business report.

The most common types of data compromised include credentials (69 per cent), internal (37 per cent), and secrets (24 per cent).

"Since so much of cyber espionage can be defined as an advanced persistent threat, it’s especially important for organisations in APAC to continuously refresh their security protocols to prevent the long-term collection of sensitive data by hackers," said Chris Novak, Sr Director of Cybersecurity Consulting, Verizon Business.

The report analysed 30,458 security incidents and 10,626 confirmed breaches in 2023 -- a two-fold increase over 2022.

Last year, 15 per cent of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues, the report mentioned.

About 68 per cent of breaches whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack, according to the report.

"India is one of the key countries affected by phishing attacks, where employees often click on malicious links or attachments that appear to be from legitimate sources, often leading to severe financial losses," said Anshuman Sharma, Director - VTRAC, Cybersecurity Consulting Services, Verizon Business.

"However, there's a silver lining as reporting practices have improved, with 20 per cent of users now identifying and reporting phishing during simulation tests," he added.