Companies have increasingly passed these costs onto their customers, with more than half of the surveyed organizations indicating they have raised prices as a result, according to the report.
Conducted by the Ponemon Institute and sponsored by IBM, the 2024 “Cost of a Data Breach Report” indicates a 10 percent surge in the global average cost of a data breach, now reaching $4.88 million per incident.
This marks the highest increase since the pandemic, the report found, underscoring a growing challenge businesses face in protecting their information.
The IBM report attributes the spike in costs to impacts on the business as well as correction efforts.
“Business disruption and post-breach customer support and remediation drove this cost spike,” the report states.
Despite the daunting financial figures, the report sheds light on a potential silver lining: artificial intelligence (AI) and automation.
Organizations that have extensively deployed AI and automation across their security operations centers reported an average cost reduction of $2.2 million per breach, the report found.
These technologies have proven effective in reducing the time required to identify and contain breaches, thereby mitigating damage.
“Applying security AI and automation is paying off, lowering breach costs in some instances by an average of $2.2 million,” the report noted.
This finding highlights the changing role of advanced technologies in bolstering cybersecurity defenses.
However, the cybersecurity landscape continues to face some challenges, as the report identifies a “severe” and growing shortage of skilled security personnel as a major issue.
More than half of the breached organizations reported facing significant security-staffing shortages, a situation that correlates with higher breach costs, according to the report. This skills gap has increased by double digits from the previous year, exacerbating the vulnerabilities within many organizations.
The report also delves into the initial attack vectors and the root causes of breaches.
Compromised credentials were the most common initial attack vector, involved in 16 percent of breaches, and also the costliest, averaging $4.81 million per breach.
Phishing and social engineering attacks were similarly prevalent and costly, which the report says underscores the need for robust employee training and advanced security measures.
In addition, the impact of breaches on business operations was substantial, with a significant 70 percent of organizations experiencing notable business disruption—with the average cost of breaches escalating in tandem with the severity of the disruption, the report found.
For those reporting very significant disruptions, the average cost of such disruptions rose to $5.01 million.
Geographically, the United States reported the highest average data breach cost at $9.36 million, followed by the Middle East and Germany.
In terms of industry, healthcare remained the most expensive sector for data breaches, with an average cost of $9.77 million, despite a slight reduction from the previous year.
The annual report has characterized healthcare as the most expensive sector in relation to costs associated with data breaches since 2011.
To combat these rising costs, the report offers several recommendations such as the adoption of AI and automation in prevention strategies and enhanced cyber response training.
The report advocates for a security-first approach to generative AI adoption, stressing the need to secure AI data, models, and usage to mitigate emerging risks.
“While organizations are moving quickly ahead with generative AI, only 24 percent of gen AI initiatives are being secured,” the report concluded. “The lack of security threatens to expose data and data models to breaches, potentially undermining the benefits that gen AI projects are intended to deliver.”
