Data breaches are big headaches for companies, and all the more so as the associated costs keep rising.
Globally, the average data breach cost climbed for a fourth consecutive year, this time by 10%, the largest annual increase since the COVID-19 pandemic. That cost is now $4.88 million, according to IBM’s 19th annual look at the topic, which covered 604 organizations affected by data breaches between March 2023 and February 2024.
Things were different for companies in the United States, although whether that was good or bad depends on one’s point of view. The U.S. bucked the global trend, with average breach costs falling by 1.3%. However, the country still has the highest such costs globally, averaging $9.36 million.
Breaches in the Middle East were almost as costly, with the average rising 8.4% to $8.75 million. In no other country or region did these costs average more than $5.9 million. The largest percentage increases were in Italy (13.7%) and Latin America (12.7%).
By industry, as usual, the healthcare sector stood out in terms of breach costs, with an average of $9.77 million. On the other hand, that cost was down 10.6% from 2023, while costs rose for other major sectors, including financial, industrial, technology, energy, pharmaceuticals, and professional services.
The overall global increase of 10% was caused by business disruptions and post-breach support and remediation, IBM wrote in its survey report.
When asked how they’re dealing with these costs, more than half of organizations said they are passing them on to customers. “Having customers absorb these costs can be problematic in a competitive market already facing pricing pressures from inflation,” IBM said. But the share of companies doing so increased to 63% this year, from 57% last year.
In another finding of the research, conducted by the Ponemon Institute and analyzed by IBM, applying AI-based security and automation is paying off. Organizations using such tools had average breach costs of $3.84 million, compared to $5.72 million for those that did not.
Additionally, companies extensively using security AI and automation identified and contained breaches 102 days faster than those not using such tools at all.
Still, the proportion of companies using AI security capabilities climbed only three percentage points this year, to 31% from 28% in 2023.
The overall mean time for identification and containment of a breach dropped to 258 days, reaching a seven-year low, compared to 277 days in last year’s survey.
Of course, the longer that timeframe is, the greater the costs. The research found that breaches with lifecycles longer than 200 days cost an average of $5.46 million, compared with $4.07 million for those with lifecycles under 200 days.





