Image: © TA design/Stock.adobe.com
The company’s latest Cost of a Data Breach report found that severe staffing shortages are linked to higher data breach costs, while AI is being used to significantly reduce the average cost of a breach.
The cost of data breaches continues to rise, with this year witnessing the largest jump since the Covid-19 pandemic, according to a new IBM Security report.
The company’s latest report found that the global average cost of a data breach from March 2023 to February 2024 was $4.88m, an increase of 10pc compared to the previous year. IBM attributed the cost spike to lost business as a result of a breach, along with post-breach customer and third-party response costs.
The latest Cost of a Data Breach report also shows that the impacts of data breaches are becoming more severe for businesses, as 70pc of breached organisations reported that a breach caused significant or very significant disruptions. The after-effects are also rising, as recovery takes more than 100 days for most of the breached organisations that were able to fully recover.
Nearly half of all breaches involved customer personal identifiable information, which can include tax identification numbers, emails, phone numbers and home addresses. Breaches involving stolen or compromised credentials took the longest to identify and contain of any attack vector, taking an average of 292 days.
Kevin Skapinetz, IBM Security VP of strategy and product design, said businesses are caught in a “continuous cycle of breaches, containment and fallout response”.
“This cycle now often includes investments in strengthening security defences and passing breach expenses on to consumers – making security the new cost of doing business,” Skapinetz said.
Staffing shortages
The IBM report suggests that severe staffing shortages are linked to higher data breach costs – more than half of the 604 organisations studied had severe or high-level staffing shortages last year.
Businesses with high levels of staffing issues had an average data breach cost of €5.28m, compared to €3.66m for businesses with lower levels. This trend may be reduced in the near future, as more organisations said they are planning to increase security budgets compared to last year.
The importance of AI
IBM’s 2023 report suggested that AI and automation had the biggest impact on the speed of breach identification and containment, showing the role this technology was beginning to play in the cybersecurity sector.
The latest report shows the use of AI in cybersecurity is rising, as two out of three organisations surveyed are deploying AI and automation across their security operation centres. The report claims that when these technologies were used extensively for prevention technologies, organisations had a data breach cost reduction of $2.2m compared to those with no AI or automation.
Skapinetz said that generative AI is “expanding the attack surface” and will make security expenses “unsustainable, compelling business to reassess security measures and response strategies”.
“To get ahead, businesses should invest in new AI-driven defences and develop the skills needed to address the emerging risks and opportunities presented by generative AI,” he said.
Many experts have spoken about the impact AI will have on the cybersecurity sector, for both defenders and attackers. BT threat intelligence specialist Catherine Williams described AI as a “double-edged sword” for the cybersecurity sector.
IBM has an interest in AI being used for cybersecurity, being a heavy investor in AI technology. Last year, it launched its own AI-powered threat detection and response services for organisations.
Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.
