Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs

IBM Security’s 2023 Cost of a Data Breach Report reveals record-high global breach costs of $4.45 million and a 15% increase in the last 3 years.

IBM Security, a leading global technology company, has just released its annual Cost of a Data Breach Report, revealing some alarming statistics. According to the report, the global average cost of a data breach has reached an all-time high of $4.45 million in 2023, indicating a significant 15% increase over the last three years. The study, based on the analysis of real-world data breaches experienced by 553 organizations worldwide between March 2022 and March 2023, also highlights a concerning shift in breach costs.

Detection and escalation costs have witnessed a staggering 42% jump over the same time frame, now constituting the largest portion of breach costs. This upward trend indicates a growing complexity in breach investigations and the need for more robust security measures.

The 2023 IBM report further sheds light on how businesses are grappling with the rising costs and frequency of data breaches. It reveals that 95% of the studied organizations have experienced more than one breach. When it comes to dealing with the financial fallout, breached organizations seem to be divided in their approaches. Surprisingly, 57% of them have chosen to pass the incident costs onto consumers, while only 51% have decided to increase their security investments to prevent future breaches.

One of the most significant findings of the report revolves around the role of AI (Artificial Intelligence) and automation in mitigating the impact of data breaches. Organizations that extensively used AI and automation in their security measures experienced a data breach lifecycle that was 108 days shorter than those that did not deploy these technologies (214 days versus 322 days). Moreover, they managed to save an average of nearly $1.8 million in breach costs, making it the most significant cost-saving strategy identified in the study.

Interestingly, the report also highlights a puzzling phenomenon related to ransomware attacks. Some organizations remain hesitant to involve law enforcement during a ransomware attack due to concerns about complicating the situation. However, the data suggests otherwise. The study found that participating organizations that didn’t involve law enforcement experienced breach lifecycles that were 33 days longer on average, resulting in $470,000 higher breach costs compared to those that collaborated with law enforcement.

Another concerning aspect of breach incidents is that organizations’ security teams rarely discover breaches on their own. Only one-third of the studied breaches were detected internally, while 27% of breaches were disclosed by the attackers themselves. Data breaches revealed by attackers cost nearly $1 million more on average compared to those identified by the organization’s security team.

Chris McCurdy, the General Manager of Worldwide IBM Security Services, stressed the importance of time in cybersecurity. He emphasized that early detection and rapid response are critical in reducing the impact of a breach, calling for investments in advanced threat detection and response approaches like AI and automation.

The 2023 IBM report also highlighted other noteworthy findings, such as the increasing cost of breaches in the healthcare industry, where the average breach cost reached nearly $11 million in 2023. Additionally, organizations with a high level of DevSecOps saw a global average cost of a data breach nearly $1.7 million lower than those with a low level or no use of a DevSecOps approach.

The report serves as a wake-up call for organizations worldwide to prioritize cybersecurity investments and adopt cutting-edge technologies like AI and automation. With data breaches becoming more sophisticated and costly, early detection and swift response have become imperative in the fight against cyber threats.

IBM Security’s Cost of a Data Breach Report has been published for 18 consecutive years, and its insights have consistently shaped the cybersecurity landscape, guiding organizations in their efforts to safeguard sensitive data and protect their customers’ trust.