View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. AI and automation
July 24, 2023updated 25 Jul 2023 10:55am

AI is helping to reduce data breach impact says IBM

Data breaches from more than 500 organisations were analysed for the report, finding a significant benefit to using AI in threat detection.

By Ryan Morrison

The use of AI and automation in securing data after a cyberattack is helping to reduce the impact and cost of a breach. That is according to a new report from IBM that found a breach would cost UK organisations not using AI an average of £3.4m but that was reduced by £1.6m for those with AI tools.

IBM Security found that only a third of breaches were discovered by internal cybersecurity teams (Photo: Gorodenkoff/Shutterstock)
IBM Security found that only a third of breaches were discovered by internal cybersecurity teams (Photo by Gorodenkoff/Shutterstock)

The annual IBM Security Cost of a Data Breach report examines the impact of cybercrime on companies and methods used in mitigation. It is based on an in-depth analysis of real-world data breaches from more than 550 organisations around the world, occurring between March 2022 and March 2023.

As well as the impact of AI, the report found a long-term increase in the cost of data breaches in the UK, despite a £400,000 year-on-year drop between 2022 and 2023. Last year, the average cost of a breach in the UK was £3.8m, dropping to £3.4m this year but still up 9% since 2020. Globally, the cost of a data breach has increased year-on-year with a 15% rise over three years.

The report, sponsored by IBM Security with research by the Ponemon Institute, found that the cost of a breach was £1.6m less for organisations using AI to enhance security operations than those not using AI. This was in part due to AI’s ability to speed up breach identification and containment. 

Researchers found that the average breach life cycle, in organisations using various types of AI toolsets and capabilities, was 108 days shorter than in organisations using more traditional security set-ups. Despite the evidence showing the benefit of AI, IBM Security found that the majority of UK organisations surveyed were not using AI or automation for security. Just 28% were using it widely and 37% were not using it at all.

The study of global breaches also revealed that, in the UK, the highest average cost of a data breach was in the financial services sector at £5.3m followed by the services sector at £5.2m. Most of the attacks came from stolen or compromised credentials, likely taken during previous breaches or from phishing attacks. The most costly point of entry was from malicious insiders, giving cybercriminals easier access to a system willingly. This led to breaches costing an average of £3.9m compared with a cost of £3.85m for phishing attacks or business email compromise attacks.

Global security investment divide

Globally, the report revealed a security investment divide. Despite the rising cost of attacks and 95% of those surveyed experiencing more than one breach, only 51% plan to increase their security investments. 

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Getting law enforcement involved seems to be a positive step. The report found that ransomware victims calling the authorities saved $470,000 compared with those not involving law enforcement. Despite the evidence of savings, 37% of ransomware victims revealed they did not involve law enforcement in a ransomware attack.  

Only a third of those suffering a cyberattack found out about it as a result of detection by internal security teams. A similar percentage were told about the attack by the attacker and these instances cost $1m more than when the organisation spotted the breach themselves.

Of those breaches studied by the researchers, 40% resulted in the loss of data across multiple environments. This included public cloud, private cloud and on-premises. It shows that once in the system attackers could compromise multiple environments while avoiding detection from security professionals. Data breaches that impacted multiple environments also led to higher breach costs. 

Martin Borrett, technical director for IBM Security UK & Ireland, said AI may be the driving force needed to bridge the speed gap between security and attackers. “The slight decline from last year in the overall cost of a data breach in the UK suggests the powerful impact security AI and automation may already be having on early adopters,” he added.

Read more: White House secures AI safety commitment

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.