Data breach costs reach record high this year, IBM says

24 Jul 2023

Image: © Sergey Nivens/Stock.adobe.com

IBM’s latest Cost of a Data Breach report found that AI is helping to detect and contain attacks, while customer data was the most commonly breached.

Data breaches are becoming more damaging for organisations, with many of the costs being passed on to consumers.

That’s according to a new report from IBM Security, which claims that the global average cost of a data breach has reached $4.45m this year. The report said this is an all-time high and marks a 15pc increase over the last three years.

IBM’s latest Cost of a Data Breach report looked at data breaches experienced by 553 organisations globally between March 2022 and March 2023. The report claims that 57pc of these organisations said they would pass incident costs onto consumers, while 51pc said they would increase security investments.

This mirrors a report by IBM last year, which claimed 60pc of studied organisations raised their product or service prices due to a data breach.

Healthcare continues to be a prime target for attackers based on the report. The average costs of a breach in healthcare reached nearly $11m this year, which IBM claims is a 53pc price increase since 2020.

While the cost of data breaches is rising, IBM said “detection and escalation” costs have jumped by 42pc in the last three years. Despite this, only one-third of data breaches were detected by an organisation’s own security team.

Elaine Hanley of IBM Ireland’s security services division, said personally identifiable information of customers was the most commonly breached record type “and the costliest”. She also said Ireland has witnessed a surged in phishing emails and texts.

“Globally, we are seeing that firms with a smaller number of employees were disproportionally affected by higher breach costs, which in the context of Ireland means that most of the indigent industries operating here need to pay attention to cybersecurity,” Hanley said. “Globally, we saw that only about half of those who suffered a breach actually plan to invest more in their cybersecurity programme, post breach.”

AI takes a leading role

The IBM report suggests that AI and automation had the biggest impact on the speed of breach identification and containment, showing the role this technology can play in cybersecurity.

Studied organisations that had an “extensive” use of AI and automation experienced a data breach lifecycle that was 108 days shorter compared to those that had not deployed these technologies, the report claimed.

Many experts have spoken about the impact AI will have on the cybersecurity sector, for both defenders and attackers. HP’s lead security advisor for EMEA, Paul McKiernan, believes AI will accelerate the industry “like never before”. BT threat intelligence specialist Catherine Williams described AI as a “double-edged sword” for the cybersecurity sector.

Meanwhile, the report aligns with expert claims that organisations should always contact law enforcement when dealing with ransomware attacks. IBM said the studied ransomware victims that involved law enforcement saved $470,000 in average costs of a breach compared to those that chose not to involve law enforcement.

Despite this increase to savings, the report suggests 37pc of ransomware victims don’t involve law enforcement when attacked.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com