IBM Report: Escalating data breach disruption pushes costs to new highs
The global average cost of a data breach reached $4.88 million in 2024, as breaches grow more disruptive and expand demands on cyber teams, as revealed by IBM's annual Cost of a Data Breach Report.
In the largest yearly jump since the pandemic, the cost of breaches has increased by 10% from the prior year, with 70% of breached organisations experiencing significant or very significant disruption.
Lost business and post-breach customer and third-party response costs drove the year-over-year cost spike, as the collateral damage from data breaches has only intensified.
The annual Report, conducted by Ponemon Institute and sponsored and analysed by IBM, stands as an industry benchmark in its in-depth analysis of real-world data breaches experienced by 604 organisations globally between March 2023 and February 2024.
Security staffing shortages drove up breach costs
More than half of the organisations studied had severe or high-level staffing shortages last year and experienced significantly higher breach costs as a result ($5.74 million for high levels vs. $3.98 million for low levels or none).
This comes at a time when organisations are racing to adopt generative AI (gen AI) technologies, which are expected to introduce new risks for security teams. In fact, according to a study from the IBM Institute for Business Value, 51% of business leaders surveyed were concerned with unpredictable risks and new security vulnerabilities arising, and 47% were concerned with new attacks targeting AI.
Mounting staffing challenges may soon see relief, as more organisations stated that they are planning to increase security budgets compared to last year (63% vs. 51%), and employee training emerged as a top planned investment area.
Organisations also plan to invest in incident response planning and testing, threat detection and response technologies (e.g., SIEM, SOAR and EDR), identity and access management and data security protection tools.
Hacking the clock with AI
The report found that 67% of organisations deployed security AI and automation – a near 10% jump from the prior year – and 20% stated they used some form of gen AI security tools.
Organisations that employed security AI and automation extensively detected and contained an incident, on average, 98 days faster than organisations not using these technologies. At the same time, the global average data breach lifecycle hit a 7-year low of 258 days – down from 277 days the prior year and revealing that these technologies may be helping put time back on defenders’ side by improving threat mitigation and remediation activities.
Cristina Caballe Fuguet, Senior Partner and Vice President, Global Public Sector, IBM Consulting, highlighted that, “When it comes to critical infrastructure breaches, every second counts – and that's where AI-powered defenses can make a substantial difference.
The report shows us that AI can have a material impact on an organization's speed to detect and respond to a breach, ultimately mitigating potential disruptions and bringing down breach costs.
Considering that governments are high priority targets for sophisticated threat actors – who, too, are innovating ways to accelerate their attacks and extend their stealth – it's essential that public sector organisations focus on enhancing their cyber readiness. AI-powered defenses can empower them to automatically remediate alerts, quickly prioritize threats and allocate their security staff's attention and focus to the issues that matter most.”
Shorter breach lifecycles can also be attributed to the increase in internal detection: 42% of breaches were detected by an organisation’s own security team or tools compared to 33% the prior year. Internal detection shortened the data breach lifecycle by 61 days and saved organisations nearly $1 million in breach costs compared to those disclosed by an attacker.
Data insecurities fuel intellectual property theft
According to the 2024 report, 40% of breaches involved data stored across multiple environments and more than one-third of breaches involved shadow data (data stored in unmanaged data sources), highlighting the growing challenge with tracking and safeguarding data.
These data visibility gaps contributed to the sharp rise (27%) in intellectual property (IP) theft. Costs associated with these stolen records also jumped nearly 11% from the prior year to $173 per record.
IP may grow even more accessible as GenAI initiatives push this data and other highly proprietary data closer to the surface. With critical data becoming more dynamic and active across environments, businesses will need to reassess the security and access controls surrounding it.
Other key findings in the 2024 Cost of a Data Breach Report include:
- Stolen credentials topped initial attack vectors – At 16%, stolen/compromised credentials were the most common initial attack vector. These breaches also took the longest to identify and contain, at nearly 10 months.
- Fewer ransoms paid when law enforcement is engaged – By bringing in law enforcement, ransomware victims saved on average nearly $1 million in breach costs compared to those who didn’t; that saving excludes the ransom payment for those that paid. Most ransomware victims (63%) who involved law enforcement were also able to avoid paying a ransom.
- Critical infrastructure organisations see highest breach costs – Healthcare, financial services, industrial, technology and energy organisations incurred the highest breach costs across industries. For the 14th year in a row, healthcare participants saw the costliest breaches across industries, with average breach costs reaching $9.77 million.
- Breach costs passed to consumers – Sixty-three percent of organisations stated they would increase the cost of goods or services because of the breach this year, a slight increase from last year (57%). This marks the third consecutive year that the majority of studied organisations stated they would take this action.
Casey Werth, General Manager, Public Sector Industry, IBM Technology underscored that the Report confirmed the opportunity for IT leaders in the public sector to extend the use of AI and automation in their organizations' security posture, including in the areas of detection and response, red-teaming, and posture management.
Werth highlighted that, as public sector organisations accelerate GenAI adoption to speed up their defence readiness, it will be "crucial that these strategies are underpinned by a framework for securing the AI pipeline," emphasising that CIOs should not underestimate the value of AI-driven cyber defences.