The global average cost of a data breach has reached an all-time high for the second consecutive year, but companies can mitigate the escalating financial impact by adopting artificial intelligence (AI), according to an IBM report. The “Cost of a Data Breach Report 2024,” published Tuesday, surveyed 604 companies across 16 countries and regions between March 2023 and February 2024, benchmarking 19 years of data. Year over year, the average cost of a breach rose 10 percent, from $4.5 million to $4.9 million. Post-breach response and lost business costs saw an 11 percent increase over 2023 levels, the survey indicated.
The United States experienced the highest cost of data breaches at approximately $9.4 million, marking a 14-year trend. The Middle East followed with about $8.8 million, then Benelux—comprising Belgium, the Netherlands, and Luxembourg—at $5.9 million, Germany at $5.3 million, and Italy at $4.7 million. Interestingly, Canada and Japan recorded a decrease in their average breach costs compared to the previous year, the report mentioned.
Healthcare companies were the most impacted, facing about $9.8 million per incident. This was followed by the finance sector at $6.1 million, industrial at $5.6 million, technology at $5.4 million, energy at $5.3 million, and pharmaceuticals at $5.1 million.
The average time to identify a breach was 258 days, a seven-year low, down from 277 days over the past two years. The report credited AI for this improvement. About 67 percent of companies are leveraging AI and automation in their security protocols. These companies spent $2.2 million less on breach costs and detected and contained incidents 98 days faster than those not using AI.
“As generative AI rapidly permeates businesses, expanding the attack surface, these expenses will soon become unsustainable, compelling businesses to reassess security measures and response strategies,” stated Kevin Skapinetz, vice president of strategy and product design at IBM Security, in an accompanying press release.
The report also revealed that 42 percent of breaches were detected internally by organizations, an increase from 33 percent last year. However, only 12 percent of organizations reported a full recovery from a data breach, which took over 100 days on average.
Compared to other types of attacks, breaches involving stolen or compromised credentials took the longest to identify and contain, averaging 292 days. Phishing attacks lasted an average of 261 days, while social engineering attacks took 257 days to resolve.
Involving law enforcement in a ransomware attack reduced the cost of a breach by $1 million on average, excluding ransom payments, and shortened the resolution time from 297 days to 281 days.
The survey noted a 26 percent year-over-year increase in organizations facing severe security personnel shortages. Breach costs escalated with high vacancy rates, averaging $5.7 million compared to about $4 million with manageable staff shortages. Approximately 63 percent of businesses indicated plans to increase their security staff this year.
Companies relying on a single method of data storage, whether cloud-based or offsite, spent less on identifying and resolving breaches. The survey found that 40 percent of breaches involving data spread across different environments cost more than $5 million and took the longest to resolve, about 283 days.
“Businesses are caught in a continuous cycle of breaches, containment, and fallout response. This cycle now often includes investments in strengthening security defenses and passing breach expenses on to consumers—making security the new cost of doing business,” Skapinetz remarked.
By fLEXI tEAM