IBM Security Report: Data breach costs hit record highs in 2023
IBM Security Report: Data breach costs hit record highs in 2023
IBM Security Report: Data breach costs hit record highs in 2023.
IBM Security’s latest 2023 cost of data breach report shows that the average cost of a global data breach in 2023 will reach $4.45 million, a record high in the report’s history and an increase of 15% over the past three years.
The cost of detection and escalation jumped 42% over the same period, making it the highest cost of a data breach. “This shows that data breach investigations are shifting towards more sophistication”.
The 2023 Cost of a Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 553 organizations around the world between March 2022 and March 2023.
Threat insights are provided , along with practical recommendations for upgrading network security and minimizing damage.
Businesses are divided on how to plan to deal with the increasing cost and frequency of data breaches.
The study found that while 95 percent of organizations studied had experienced more than one data breach, those that were breached were more likely to pass the cost of the incident on to consumers (57 percent) than to increase their security investments (51 percent).
Some key findings from the report include:
- AI and automation will have the greatest impact on the speed at which breaches are identified and contained by research organizations. Organizations that made extensive use of AI and automation experienced 108 fewer days in the data breach lifecycle (214 days vs. 322 days, respectively) and average cost savings of $1.76 million compared to organizations that did not deploy these technologies.
- Some organizations believe that engaging with law enforcement during a ransomware attack complicates the situation, but research from the IBM report found the opposite to be the case. Participating organizations without law enforcement involvement experienced an average of 33 days more vulnerability lifecycle than those with law enforcement involvement. In comparison, ransomware victims who chose to involve law enforcement saved an average of $470,000 in breach costs. Still, 37 percent of ransomware victims in the study did not involve law enforcement when they were attacked by ransomware.
- Only one-third of the vulnerabilities studied were detected by an organization’s own security team, 27 percent were disclosed by attackers, and 40 percent were disclosed by neutral third parties such as law enforcement . Data breaches disclosed by attackers cost an average of nearly $1 million more ( $ 5.23 million vs. sky).
“Time is the new currency in cybersecurity for defenders and attackers alike,” said Chris McCurdy, general manager, IBM Global Security Services. “As the report shows, early detection and rapid response can significantly reduce the impact of a breach. Security Teams must focus on where adversaries are most vulnerable and focus on stopping them before they achieve their goals. Investing in threat detection and response methods to increase the speed and effectiveness of defenders; artificial intelligence and automation, for example, are critical to changing this balance Crucial.”
Other findings in the report include:
- Data breaches across environments – Nearly 40% of the data breaches studied resulted in data being lost in multiple environments, including public cloud, private cloud, and on-premises, demonstrating that attackers were able to compromise multiple environments , while avoiding detection. The study found that data breaches that affected multiple environments also resulted in higher breach costs ($4.75 million on average).
- Healthcare breach costs continue to skyrocket —the average cost of a breach in healthcare will reach nearly $11 million in 2023, a 53% increase since 2020. According to the 2023 X-Force Threat Intelligence Report , cybercriminals have begun making stolen data more accessible to downstream victims. Armed with medical records as leverage, threat actors have increased the pressure on compromised organizations to pay ransoms. In fact, across all industries studied, personally identifiable customer information was the most commonly breached type of record, as well as the most costly.
- The DevSecOps Advantage – In a study of organizations across all industries, organizations with high levels of DevSecOps had an average global data breach cost nearly $1.7 million less than organizations with low/no DevSecOps approaches.
- Critical infrastructure breach costs exceed $5 million – Compared to last year, the average cost of a critical infrastructure breach rose 4.5 percent, from $4.82 million to $5.04 million, $590,000 more than the global average.
