The average cost of a data breach has risen to $4.88m, says IBM. According to Big Blue’s annual ‘Cost of a Data Breach Report,’ this marks a 10% year-on-year increase in the costs associated with cyber intrusions – the largest such rise since the onset of the pandemic. Perhaps unsurprisingly, 70% of breached organisations reported that data breaches caused significant or very significant disruptions. IBM attributed the rise in costs to higher expenses associated with lost business and the aftermath of breaches, including customer and third-party responses.
“Businesses are caught in a continuous cycle of breaches, containment and fallout response,” said IBM’s security, strategy and product design vice-president, Kevin Skapinetz. “This cycle now often includes investments in strengthening security defences and passing breach expenses on to consumers – making security the new cost of doing business.”
Data breach risks to potentially worsen with generative AI
IBM’s latest Cost of a Data Breach Report contains an in-depth analysis of real-world data breaches faced by 604 organisations worldwide between March 2023 and February 2024. Respondents often reported that recovery from breaches is becoming increasingly extended. According to the report, only 12% of organisations were able to fully recover within 100 days. Staffing shortages also exacerbate the risk of data leakage. Organisations experiencing severe staffing shortages encountered average breach costs of $5.74m, compared to $3.98m for those with fewer staffing issues. Reported staffing shortages rose 26% compared to the previous year.
The report also notes that the deployment of artificial intelligence (AI) and automation in security operations is becoming more common. According to IBM’s report, 67% of organisations are leveraging security AI and automation technologies. Those employing AI, said IBM, witnessed an average reduction of $2.2m in breach costs.
Meanwhile, the global average data breach lifecycle has decreased from last year to 258 days, partly due to the use of AI, which has improved threat detection and remediation efforts.
“As generative AI rapidly permeates businesses, expanding the attack surface, these expenses will soon become unsustainable, compelling businesses to reassess security measures and response strategies,” said Skapinetz. “To get ahead, businesses should invest in new AI-driven defences and develop the skills needed to address the emerging risks and opportunities presented by generative AI.”
Data visibility gaps
IBM stated that data visibility gaps continue to be a major issue. Breaches involving data stored across various environments, such as public and private clouds, cost over $5m on average and took the longest to detect and contain. Big Blue’s survey also found that 40% of breaches were related to visibility issues, underscoring the challenges of managing data across different storage solutions. Additionally, intellectual property (IP) theft has increased, with a 27% rise in such breaches reported. The costs associated with stolen IP records have jumped nearly 11% to $173 per record.
In terms of ransomware, the report highlights that involving law enforcement can lead to substantial cost savings. Victims who did so saved nearly $1m on average compared to those who did not, with 63% of these victims managing to avoid paying a ransom altogether. IBM said that critical infrastructure sectors, including healthcare, financial services, industrial, technology, and energy, experienced the highest breach costs. Healthcare organisations alone faced the highest average breach costs at $9.77m. The report also indicates that 63% of organisations plan to raise the prices of their goods or services to cover breach-related expenses. This marks a slight increase from last year’s 57%.