Data breach costs reach historic high

The cost of a data breach has surged by 10% in the last year to reach an all-time high, thanks to staff shortages, more disruptive cyberattacks and the rising expense of third-party response services, according to a report from IBM.

However, greater use of AI and increasing IT security budgets have helped some organisations to reduce these costs.

The latest annual Cost of a Data Breach Report from the global tech company shows that the average cost of a data breach has risen to $4.88m, driven by an increase in lost business as well as the rising expense of recovery.

The research, commissioned by IBM and conducted by the Ponemon Institute, showed the largest yearly jump in costs since the pandemic as well as a clear increase in the severity of the attacks, with 70% of organisations reporting significant or very significant disruption as a result of a breach.

In addition to the rising costs, companies are also taking longer to recover from an event. Just 12% of breached organisations were able to fully recover from an event and most of those took more than 100 days to do so.

There is also a correlation between staff shortages and higher costs of a breach. More than half of those organisations with severe or high-level staffing shortages experienced significantly higher breach costs than those without ($5.74m versus $3.98m).

However, the study also found that organisations are planning to increase their security budgets this year by more than 10% (from 51% to 63%) and have targeted staff training, incident response planning and threat detection as priority areas.

The research also showed the paradoxical impact of AI for most organisations when it comes to cyber security. On the one hand, the use of technology, and generative AI especially, has opened up more vulnerabilities for hackers to exploit.

However, companies reported that the use of AI has helped to detect breaches more quickly and to identify security vulnerabilities. Two-thirds (67%) now deploy security AI and automation, a 10% increase on the previous year. And, on average, those organisations are able to detect and contain a breach 98 days faster than those that do not use the technology.

This had a significant impact on cost. Companies using AI across workflows incurred an average $2.2 million less in breach costs, the largest cost savings revealed in the 2024 report.

For risk managers, there were some notable findings concerning the storage of data – 40% of breaches involved data stored across multiple systems while more than a third involved shadow data stored in unmanaged data sources.

These data visibility gaps are cited by IBM as a cause of the sharp rise in intellectual property (IP) theft, which rose by 27% in the last year. In addition, the cost of IP losses rose by 11% to $173 per record.

Unsurprisingly, critical infrastructure organisations continued to experience the highest costs for a data breach, with healthcare organisations topping the charts for the 14th year in a row.

There was one positive finding from the report – the involvement of law enforcement brought down ransomware costs by nearly $1m per breach.

“Businesses are caught in a continuous cycle of breaches, containment and fallout response. This cycle now often includes investments in strengthening security defences and passing breach expenses on to consumers – making security the new cost of doing business,” said Kevin Skapinetz, vice president, strategy and product design, IBM Security.

“As generative AI rapidly permeates businesses, expanding the attack surface, these expenses will soon become unsustainable, compelling business to reassess security measures and response strategies. To get ahead, businesses should invest in new AI-driven defences and develop the skills needed to address the emerging risks and opportunities presented by generative AI.”

The research, which is in its 19th year, analysed breaches suffered by 604 global organisations between March 2023 and February 2024.
