The frequency and cost of data breaches are increasing. However, companies are reluctant to invest in safeguarding their systems. What’s more, many organizations transfer the cost of the breach to consumers.
On average, the cost of a data breach now amounts to a staggering $4.45 million. This is an all-time high and also a 15% increase over the last three years.
IBM compiled the report using data from 533 breaches in 16 different countries.
“Security teams must focus on where adversaries are the most successful and concentrate their efforts on stopping them before they achieve their goals. Investments in threat detection and response approaches that accelerate defenders’ speed and efficiency – such as AI and automation – are crucial to shifting this balance,” Chris McCurdy, General Manager, Worldwide IBM Security Services, said.
Nearly every organization studied by IBM has experienced at least one breach. 57% of them were more likely to burden their consumers with the cost of the breach instead of increasing their security investments. Last year, 60% of companies said they were likely to increase prices following costly data breaches – as if consumers, who may have had their data compromised in the security incident, hadn’t already paid a hefty price.
In fact, the report also showed that personally identifiable information (PII) was the most commonly breached data in 2023. 52% of all the breaches involved some sort of PII. Threat actors also compromised troves of employee information and intellectual property.
IBM experts even insisted that it costs more when companies try to hide security breaches from law enforcement. They say there’s an additional cost of $470,000 for organizations that don’t involve law enforcement in a ransomware attack. 37% of surveyed companies said they kept it quiet, which resulted in higher costs and a breach lifecycle that was 33 days longer.
The data breach lifecycle is the time between the detection of the breach and its containment. On average, it takes companies approximately nine months – 277 days – to identify and contain the breach.
Worryingly, healthcare organizations are the ones that paid the heftiest price for security incidents. Since 2020, the cost of a data breach for them has increased by over 50%, and the average stands at nearly $11 million.
Here are the top five countries and regions where the cost of a data breach is the highest:
- USA – $9.48 million
- Middle East – $8.07 million
- Canada – $5.13 million
- Germany – $4.67 million
- Japan – $4.52 million
Who’s to blame for the high costs of data breaches? According to IBM, phishing and compromised credentials are the usual suspects. Quite often, cloud misconfigurations and business email compromise (BEC) are also the initial vector of compromise.
“This year, for the first time, the report examined both zero-day (unknown) vulnerabilities as well as known, unpatched vulnerabilities as the source of the data breach and found that more than 5% of the breaches studied originated from known vulnerabilities that had yet to be patched,” the company noted.
Unfortunately, in-house security teams rarely discover breaches themselves. It turns out that 27% of breaches are disclosed by the attacker, while 40% are disclosed by a third party – for example, law enforcement.
“Time is the new currency in cybersecurity, both for the defenders and the attackers. As the report shows, early detection and fast response can significantly reduce the impact of a breach,” said McCurdy.
As per the report, organizations that rely on AI and automation to defend their perimeter saw a 108-day shorter breach lifecycle, and it cost them, on average, $1.8 million less than for those who didn’t deploy the aforementioned technologies.