IBM released its annual "Data Breach Cost Report", showing that the average global cost of data breaches in 2023 will reach $4.45 million, a 15% increase over the past three years. A record high for the report.
The report shows that enterprises are divided on how to plan to deal with the increasing frequency and cost of data breaches. The study found that while 95 percent of businesses surveyed had experienced more than one data breach, they were more likely to pass incident costs on to consumers (57 percent) than to increase security investments (51 percent).
time is money
The report shows that artificial intelligence and automation can curb the rate of data breaches. Organizations that extensively use artificial intelligence and automation technologies have shortened the data breach cycle by 108 days compared with those that do not deploy these technologies, resulting in a significant reduction in incident costs of $1.8 million. .
"Time is the new currency in cybersecurity for defenders and attackers alike. As the report shows, early detection and rapid response can significantly reduce the impact of a breach," said Chris McCurdy, general manager, IBM Global Security Services. “Security teams must focus on where adversaries are most successful and focus on stopping them before they achieve their goals. Invest in threat detection and response methods, such as artificial intelligence and automation, to increase the speed and effectiveness of defenders.”
In addition, some victims will be reluctant to seek the intervention of law enforcement agencies after being attacked by data breaches, thinking that this will make things more complicated, but this report research found that data breaches occurred without the intervention or help of law enforcement agencies. Instead, the cycle will increase by 33 days, and this will bring an average additional cost of about 470,000 US dollars. Of the victims studied, 47% paid the ransom. Clearly, organizations should be well aware that paying the ransom and evading law enforcement may only increase the cost of the incident and slow down the response.
Corrupt data across environments
According to IBM's 2023 Threat Intelligence Index, defenders prevented a higher percentage of ransomware attacks last year, but attackers are still finding ways to break through gaps in defenses. The report found that only one-third of attacks were detected by organizations' own security teams or tools, while 27 percent were disclosed by attackers and 40 percent by third parties such as law enforcement.
Of the data breaches studied, 40% resulted in data loss across multiple environments, including public cloud, private cloud, and on-premises, demonstrating that attackers are able to compromise multiple environments while avoiding detection. The study found that data breaches that affected multiple environments also resulted in higher breach costs, averaging $4.75 million.
The average cost of a data breach in healthcare will reach nearly $11 million in 2023, a 53% increase in prices since 2020. According to the 2023 X-Force Threat Intelligence Report, attackers have begun targeting downstream victims as it becomes easier to steal data. Attackers are using medical records as leverage to increase the pressure on victims to pay the ransom. In fact, across all industries studied, personally identifiable customer information was the most commonly compromised type of record, as well as being the most costly.
The average global cost of a data breach for organizations with high levels of DevSecOps was nearly $1.7 million less than those with low or no DevSecOps approaches. The average cost of a data breach for the critical infrastructure organizations studied rose 4.5% compared to last year, from $4.82 million to $5.04 million, $590,000 more than the global average.