Data Breach Costs are on the Rise

August 05, 2024

Recovering from a data breach is getting more expensive.

IBM’s annual report evaluates the ways breaches are causing multi-sector disruption, with associated costs growing 10 percent from the prior year. About 70 percent of organizations affected by a data breach report significant or very significant disruption, the report notes.

“Businesses are caught in a continuous cycle of breaches, containment and fallout response,” said Kevin Skapinetz, vice president, strategy and product design, IBM Security. “This cycle now often includes investments in strengthening security defenses and passing breach expenses on to consumers—making security the new cost of doing business.”

Here are five insights from the report.

• Increasing threat:  The global average cost of a data breach increased 10 percent to $4.88 million, the largest jump since the pandemic.
  • Disruption in business and post-incident customer service/remediation strongly contributed to the increases.
• Health care burden:  The health care sector saw breach costs decline to $9.77 million from $10.93 million, but the industry still faced the highest costs.
  • Health care has held the top spot for costs associated with breaches since 2011.
  • Finance, industrial, technology, energy, and pharmaceuticals were next on the list for top data breach costs.
• The role of AI:  Two out of three organizations used artificial intelligence (AI) to assist their security and automation. On average, organizations with AI security and automation detected and contained incidents 98 days faster than organizations without these technologies.
• Recovery time:  The average recovery time to identify these breaches fell to 258 days, a seven-year low and down from 277 days during 2023.
• Benefits of internal detection:  About 42 percent breaches were detected by an organization’s internal security team. That’s up from 33 percent the year before.
  • Internal detection helps shortens the “data breach lifecycle” by 61 days and saved nearly $1 million in breach costs compared to those disclosed by the attacker.

The report notes that the beached data can be found across multiple environments (40%); on the public cloud (25%); on premises (20%); or a private cloud (15%). The report also includes key recommendations for organizations to strengthen their awareness; their investment in security tools and staff;  and their cyber response training.

Additional insights from the report are available for review online.