In 2023, the worldwide average cost of a data breach rose 15% to $4.45 million USD

According to the latest Cost of a Data Breach study from IBM, the worldwide average cost of a data breach reached $4.45 million in 2023. This figure represents a new all-time high for the study as well as a 15% rise over the course of the previous three years.

The expenses associated with breach detection and escalation have increased by 42% over the same period of time, making up the largest share of total breach costs and showing a move toward more complicated breach investigations. Artificial intelligence (AI) and automation had the greatest influence on the speed with which firms analyzed identified and contained breaches. When compared to firms that have not used AI and automation to any significant degree, those that have done so suffered a data breach lifecycle that was 108 days shorter (214 days as opposed to 322) than those organizations that were investigated.

Those victims of ransomware who participated in the research and contacted law enforcement saved an average of $470,000 in expenditures related to a breach as compared to victims who made the decision not to engage law enforcement. 37% of ransomware victims who were surveyed did not contact law enforcement in a ransomware attack. This is despite the potential savings that may be realized by doing so. When opposed to the 27% of breaches that were exposed by an attacker, just one third of those investigated were discovered by an organization’s internal security staff. When compared to companies that discovered a data breach on their own, companies who had the breach publicized by the attacker incurred approximately one million dollars in additional costs on average.
According to the research from 2023, firms that completely adopt security AI and automation witnessed breach lifecycles that were shorter by an average of 108 days in comparison to organizations that did not deploy these technologies. Furthermore, these organizations had much reduced incident expenses.

In point of fact, firms who substantially used security AI and automation saw their data breach expenses drop by roughly $1.8 million on average, compared to organizations that didn’t deploy these technologies. This was the most significant cost savings opportunity that the survey discovered.

At the same time, adversaries have been successful in cutting down the typical amount of time needed to finish a ransomware attack. And since over forty percent of the surveyed companies have not yet implemented security AI and automation, there is still a significant possibility for companies to increase the speed at which they identify threats and respond to them.
There has been some headway made in the area of threat identification and response. According to the 2023 Threat Intelligence Index published by IBM, defenders were successful in preventing a greater percentage of attacks involving ransomware in the previous year. However, attackers are continually discovering new methods to circumvent the security measures that have been taken. According to the findings of the study, just one in three breaches were discovered by the organization’s internal security teams or tools. In contrast, an attacker reported 27% of such breaches, and a neutral third party such as law enforcement exposed 40% of such breaches.

Responding companies who detected the breach themselves incurred breach charges that were roughly $1 million less than those reported by an attacker ($5.23 million as opposed to $4.3 million). When compared to individuals who discovered the breach on their own, those who had the breach reported by an attacker had a lifetime that was over 80 days longer (320 as opposed to 241). The fact that early identification may result in large cost savings as well as time savings demonstrates that investing in these tactics may, in the long run, be profitable.

Forty percent of the data breaches that were investigated resulted in the loss of data across several settings, such as public cloud, private cloud, and on-premises. This finding demonstrates that attackers were able to infiltrate numerous environments while remaining undetected. Researchers found that data breaches that affected several settings also resulted in greater breach costs (an average of 4.75 million dollars).