A report by IBM’s security division has shown that the global average cost of a data breach reached $4.45 million in 2023 – a 15% increase over the last three years. Detection and escalation costs jumped 42% over the same time frame, representing the highest portion of breach costs, and indicating a shift towards more complex breach investigations.
► AI and automation make a big difference to speed of identification and containment
► Only a third of breaches detected by in-housed security teams
According to the annual IBM Cost of a Data Breach Report, businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The study found that while 95% of organisations have experienced more than one incident, breached organisations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%).
Other key findings include:
- AI picks up speed – AI and automation had the biggest impact on speed of breach identification and containment. Organisations with extensive use of both AI and automation experienced a data breach lifecycle that was 108 days shorter compared to studied organisations that have not deployed these technologies (214 days versus 322 days).
- The cost of silence – Ransomware victims in the study that involved law enforcement saved $470,000 in average costs of a breach compared to those that chose not to involve law enforcement. Despite these potential savings, 37% of ransomware victims studied did not involve law enforcement in a ransomware attack.
- Detection gaps – Only one third of studied breaches were detected by an organisation's own security team, compared to 27% that were disclosed by an attacker. Data breaches disclosed by the attacker cost nearly $1 million more on average compared to studied organizations that identified the breach themselves.
The report is based on in-depth analysis of real-world data breaches experienced by 553 organisations globally between March 2022 and March 2023. The research, sponsored and analysed by IBM Security, was conducted by Ponemon Institute.
