IBM Report: Average Cost of a Data Breach Rises to $4.45 Million

IBM Security also provided tips for how to prevent and mitigate data breaches.
Data breach costs rose to $4.45 million per incident in 2023, IBM found in its annual Cost of a Data Breach report. Customer and employee personally identifiable information was the most commonly breached type of data in 2023 and was involved in 52% of all breaches reported.
Data breach costs rose to $4.45 million per incident in 2023, up 2.3% from $4.35 million in 2022. Overall, the average cost has increased 15.3% from the $3.86 million average in 2020.
In addition, one in three companies discovered a data breach themselves, as opposed to 67% of breaches reported by a third party or by the attackers.
Last year, IBM saw detection and escalation costs increase, indicating that it was taking longer to investigate breaches. On average, it took 277 days for organizations to detect a breach and return to normal service. This trend has continued in 2023, with the costs of detection and evaluation rising 9.7% to $1.58 million. Lost business cost dropped the most, by 8.5% to $1.30 million.
Cost was calculated using four areas of financial impact:
In the U.S., the average cost of a data breach was $9.48 million, which was the highest globally. The U.K. saw a 16.6% drop in cost from $5.05 million to $4.21 million.
The way in which an organization distributed data across its cloud environments was found to make a difference: 82% of breaches involved data stored in public, private or a combination of multiple clouds. In 39% of cases, breaches crossed multiple cloud environments and ran a higher-than-average penalty of $4.75 million.
Customers may feel the impact of data breaches. A slight majority (57%) of organizations increased the prices of their business offerings after a data breach — down slightly from 60% in 2022.
IBM recommended the following tips for business leaders trying to prevent data breaches.
Business leaders should keep in mind the importance of providing resources to help developers work under secure-by-design principles, making sure security comes into play in the initial design phase of major technology changes.
App developers who build cloud-native applications can reduce attack surfaces and bolster user privacy in the cloud. Building security into applications during development will also help organizations keep up to date with regulations, IBM said.
Organizations should be sure they have strong encryption, data security and data access policies when storing data across multicloud and hybrid cloud environments. Organizations would be well-served by looking into data security and compliance tools that can protect data as it moves.
In addition, data activity-monitoring solutions can help security teams gain insight into their data stores and enforce policies automatically. IBM recommended data security posture management, which is a newer service that can identify vulnerable data across structured and unstructured assets within cloud service providers, software-as-a-service properties and data lakes.
AI is trendy right now, but it has proven itself in the numbers, IBM found. Companies using extensive security AI and automation were found to have a $1.76 million lower data breach cost on average, as well as a 108-day shorter time to identify and contain the breach.
Security tool sets that can benefit from AI and automation include:
IBM also noted that it’s important to use a trusted service that will not introduce bias or blind spots.
“It’s crucial to ensure that the data used to train the AI models is widely diverse and void of bias–that the models are transparent, explainable, and free from drift; and that they are trained continuously–the same way continuous learning is essential for humans,” said Sridhar Muppidi, CTO, IBM Security, in an email to TechRepublic. He pointed out three important elements to keep in mind when choosing an AI-enhanced or automated security solution:
Generative AI in particular is too new for anyone to be certain what the impact on security will be overall, Muppidi said. However, he anticipates it is “poised to give a substantial edge to our ability to detect accurately and respond faster to breaches.”
“When you look at the mean time to detect and contain a data breach, [generative] AI will become a force multiplier for both stages, to optimize threat operations and analyst’s time,” he said.
A dedicated incident response team or partner can make a big difference. Organizations with mature, high levels of incident response had on average $1.49 million lower data breach costs, compared to organizations with low levels or none, and resolved incidents 54 days faster.
For an added layer of security, network segmentation complements diligent incident response well. Incident response can also be boosted by training security teams on simulated breach scenarios or penetration testing.
51% of survey respondents said they planned to increase security investments after a breach. Incident response, planning and testing, employee training, and threat detection and response technologies were the most desirable areas for additional investment.
The annual Cost of a Data Breach report was written in partnership with the Ponemon Institute. Respondents came from 553 organizations across 16 countries and geographic regions and 17 industries. All of the surveyed organizations were hit by data breaches between March 2022 and March 2023. Information was collected through 3,475 interviews with IT, compliance and information security practitioners from those organizations.