IBM Report: Escalating data breach disruption pushes costs to new highs

The global average cost of a data breach reached $4.88 million in 2024, as breaches grow more disruptive and expand demands on cyber teams, as revealed by IBM annual Cost of a Data Breach Report.

In the largest yearly jump since the Pandemic, the cost of breaches have increased by 10% from the prior year with 70% of breached organisations experiencing significant or very significant disruption.  

Lost business and post-breach customer and third-party response costs drove the year-over year cost spike, as the collateral damage from data breaches has only intensified.

The annual Report, conducted by Ponemon Institute and sponsored and analysed by IBM, stands as an industry benchmark in its in-depth analysis of real-world data breaches experienced by 604 organisations globally between March 2023 and February 2024.

Security staffing shortages drove up breach costs  

More than half of the organisations studied had severe or high-level staffing shortages last year and experienced significantly higher breach costs as a result ($5.74 million for high levels vs. $3.98 million for low levels or none).

This comes at a time when organisations are racing to adopt generative AI (gen AI) technologies, which are expected to introduce new risks for security teams. In fact, according to a study from the IBM Institute for Business Value, 51% of  business leaders surveyed were concerned with unpredictable risks and new security vulnerabilities arising, and 47% were concerned with new attacks targeting AI. 

Mounting staffing challenges may soon see relief, as more organisations stated that they are  planning to increase security budgets compared to last year (63% vs. 51%), and employee training emerged as a top planned investment area.

Organisations also plan to invest in incident response planning and testing, threat detection and response technologies (e.g., SIEM, SOAR  and EDR), identity and access management and data security protection tools.  

Hacking the clock with AI  

The report found that 67% of organisations deployed security AI and automation – a near 10%  jump from the prior year – and 20% stated they used some form of gen AI security tools.

Organisations that employed security AI and automation extensively detected and contained an  incident, on average, 98 days faster than organisations not using these technologies. At the same time, the global average data breach lifecycle hit a 7-year low of 258 days – down from  277 days the prior year and revealing that these technologies may be helping put time back on defenders’ side by improving threat mitigation and remediation activities.

Cristina Caballe Fuguet, Senior Partner and Vice President, Global Public Sector, IBM Consulting highlighted that, “When it comes to critical infrastructure breaches, every second counts – and that's where AI-powered defenses can make a substantial difference.

The report shows us that AI can have a material impact on an organization's speed to detect and respond to a breach, ultimately mitigating potential disruptions and bringing down breach costs.

Considering that governments are high priority targets for sophisticated threat actors –who, too, are innovating ways to accelerate their attacks and extend their stealth – it's essential that public sector organisations focus on enhancing their cyber readiness. AI-powered defenses can empower them to automatically remediate alerts, quickly prioritize threats and allocate their security staff's attention and focus to the issues that matter most.” 

Shorter breach lifecycles can also be attributed to the increase in internal detection: 42% of  breaches were detected by an organisation’s own security team or tools compared to 33% the prior year. Internal detection shortened the data breach lifecycle by 61 days and saved  organisations nearly $1 million in breach costs compared to those disclosed by an attacker.

Data insecurities fuel intellectual property theft 

According to the 2024 report, 40% of breaches involved data stored across multiple environments and more than one-third of breaches involved shadow data (data stored in  unmanaged data sources), highlighting the growing challenge with tracking and safeguarding  data. 

These data visibility gaps contributed to the sharp rise (27%) in intellectual property (IP) theft. Costs associated with these stolen records also jumped nearly 11% from the prior year to $173 per record.

IP may grow even more accessible as GenAI initiatives push this data and other highly proprietary data closer to the surface. With critical data becoming more dynamic and  active across environments, businesses will need to reassess the security and access controls surrounding it.  

Other key findings in the 2024 Cost of a Data Breach Report include:  

• Stolen credentials topped initial attack vectors – At 16%, stolen/compromised  credentials was the most common initial attack vector. These breaches also took the  longest to identity and contain at nearly 10 months.  
• Fewer ransoms paid when law enforcement is engaged – By bringing in law enforcement, ransomware victims saved on average nearly $1 million in breach costs  compared to those who didn’t – that savings excludes the ransom payment for those  that paid. Most ransomware victims (63%) who involved law enforcement were also  able to avoid paying a ransom.  
• Critical infrastructure organisations see highest breach costs - Healthcare, financial  services, industrial, technology and energy organisations incurred the highest breach  costs across industries. For the 14^th year in a row, healthcare participants saw the costliest breaches across industries with average breach costs reaching $9.77 million.  
• Breach costs passed to consumers - Sixty-three percent of organisations stated they  would increase the cost of goods or services because of the breach this year – a slight  increase from last year (57%) – this marks the third consecutive year that the majority of studied organisations stated they would take this action. 

Casey Werth, General Manager, Public Sector Industry, IBM Technology underscored that the Report confirmed the opportunity for IT leaders in the public sector to extend the use of AI and automation in their organizations' security posture, including in the areas of detection and response, red-teaming, and posture management.

Werth highlighted that as public sector organisations accelerate GenAI adoption to speed up their defence readiness and it will be "crucial that these strategies are underpinned by a framework for securing the AI pipeline," emphasising that CIOs should not underestimate the value of AI-driven cyber defences.