Data breach costs have increased to record levels, with the average cost of a data breach now $4.45 million globally – a 2% increase from last year and a 15% increase since 2020. U.S. data breaches cost an average of $9.48 million and healthcare data breaches are the most expensive, costing an average of $10.93 million. This is the thirteenth consecutive year that healthcare data breaches have topped the list as the most expensive data breaches.
The cost data were compiled by IBM Security from interviews and surveys of 553 organizations worldwide, conducted by the Ponemon Institute. 95% of surveyed companies said they had experienced more than one data breach, and the rising cost of breaches is increasingly being passed on to customers: 57% of breached companies said they passed breach costs on to consumers. Worryingly, only 51% of companies said a data breach led to an increase in security spending.
The biggest percentage rise was in detection and escalation costs, which have increased by 42% over the past 3 years, indicating a shift towards more complex breach investigations. The speed at which intrusions are identified and contained has a significant impact on the cost of a breach, and IBM Security reports that AI and automation had the biggest effect on that speed: organizations that made extensive use of AI and automation identified and contained breaches 108 days faster than those that did not.
It is now far more common for breaches to be identified by a third party than by internal security teams: only one-third of the breaches studied for the report were identified internally. In 27% of cases the breached organization learned of the breach from the attacker, and those breaches cost around $1 million more than breaches detected by internal security teams.
Many ransomware victims do not involve law enforcement after an attack because of a commonly held view that doing so complicates the breach response. IBM Security found the opposite: law enforcement involvement reduced breach costs by an average of $470,000 and shortened the breach lifecycle by an average of 33 days, yet 37% of the ransomware victims studied still chose not to involve law enforcement in their response.
Around 40% of data breaches involved data spread across multiple environments, such as on-premises systems and public and private clouds. These breaches were more costly, averaging $4.75 million against the $4.45 million global average. The factors that most reduced breach costs were a DevSecOps approach, which saved almost $250,000; employee training, which saved almost $233,000; and incident response planning and testing, which saved over $232,000. Across all breaches studied, the most common initial access vectors were phishing and stolen or compromised credentials. While these were among the costliest breaches, the most expensive were those caused by malicious insiders.