A report by IBM’s security division has shown that the global average cost of a data breach reached $4.45 million in 2023 – a 15% increase over the last three years. Detection and escalation costs jumped 42% over the same time frame, representing the highest portion of breach costs, and indicating a shift towards more complex breach investigations.
► AI and automation make a big difference to speed of identification and containment
► Only a third of breaches detected by in-housed security teams
According to the annual IBM Cost of a Data Breach Report, businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The study found that while 95% of organisations have experienced more than one incident, breached organisations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%).
Other key findings include:
- AI picks up speed – AI and automation had the biggest impact on speed of breach identification and containment. Organisations with extensive use of both AI and automation experienced a data breach lifecycle that was 108 days shorter compared to studied organisations that have not deployed these technologies (214 days versus 322 days).
- The cost of silence – Ransomware victims in the study that involved law enforcement saved $470,000 in average costs of a breach compared to those that chose not to involve law enforcement. Despite these potential savings, 37% of ransomware victims studied did not involve law enforcement in a ransomware attack.
- Detection gaps – Only one third of studied breaches were detected by an organisation's own security team, compared to 27% that were disclosed by an attacker. Data breaches disclosed by the attacker cost nearly $1 million more on average compared to studied organizations that identified the breach themselves.
The report is based on in-depth analysis of real-world data breaches experienced by 553 organisations globally between March 2022 and March 2023. The research, sponsored and analysed by IBM Security, was conducted by Ponemon Institute.
Read more of our latest Security stories
