According to IBM’s annual Data Breach report, the average cost of a data breach reached an all-time global high of $4.45 million, up 2.3% from 2022 and 15.3% since 2020.
While $4.45 million is the average across the 16 countries included in IBM’s survey of 553 organizations, breaches in the United States cost far more than the average. The 2023 average hit $9.48 million, according to the report.
Healthcare organizations saw even more of a jump—the average cost of a breach for the sector rose 53.3% in the same period, IBM said in its 2023 report. This year was the thirteenth in a row when the healthcare sector reported the highest average breach cost (now at $10.93 million). The average cost per breached record increased slightly to a new high—up to$165 per record from $164 one year ago. This has jumped from $146 in 2020, IBM noted. The survey assessed breach events with a range of 2,200 to 102,000 records.
In its survey, the firm highlighted breach investigation tactics that could either reduce costs or increase them. For example, organizations that didn’t call in law enforcement during ransomware attacks experienced an extra $470,000 in costs on average and faced longer recovery times.
“While 63% of respondents said they involved law enforcement, the 37% that didn’t paid 9.6% more and experienced a 33-day longer breach lifecycle,” IBM noted. Longer breaches, in general, produce higher than average costs—events stretching over200 high $4.95 million on average, while those at fewer than 200 days cost 23% less at $3.93 million.
Threat detection costs appeared to drive the average breach cost, rising 42% in the last three years, according to the report, suggesting cyber event investigations have become more complex. Just one in three respondents said their own security teams detected breaches—it was far more likely (67%) for third parties or attackers themselves to reveal intrusions. Organizations also faced nearly $1 million in extra costs when cyber threat actors disclosed breaches.
Cyber attackers also showed an increasing preference for infiltrating the cloud – 82% of the breaches evaluated involved cloud data in public, private, or hybrid environments. When threat actors could access multiple environments, breach costs skewed even higher, up to an average of $4.75 million.
Despite higher costs, just 51% of organizations said they planned to increase their cybersecurity spending. Instead, more than half (57%) said they would pass the costs through to customers. Nearly all (95%) surveyed organizations had experienced more than one breach.
One area where organizations may want to invest more is in artificial intelligence tools to help detect breaches. Businesses leveraging AI and automation tools extensively in their networks identified and contained breaches, on average, 108 days quicker than their less tech-forward counterparts and saw average costs of $1.76 million lower than other organizations.
“Time is the new currency in cybersecurity, both for the defenders and the attackers. As the report shows, early detection and fast response can significantly reduce the impact of a breach,” said Chris McCurdy, general manager, worldwide, IBM Security Services, in a statement. “Security teams must focus on where adversaries are the most successful and concentrate their efforts on stopping them before they achieve their goals. Investments in threat detection and response approaches that accelerate defenders’ speed and efficiency—such as AI and automation—are crucial to shifting this balance.”
Contact INSURICA for more healthcare resources.
The content of this News Brief is of general interest and is not intended to apply to specific circumstances. It should not be regarded as legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice. © 2023 Zywave, Inc. All rights reserved.
About the Author
Share This Story
Related Blogs
OSHA Announces Top 10 Violations for 2024
OSHA recently revealed its top 10 most frequently cited standards in the 2024 fiscal year using preliminary data. This information is valuable for businesses of all kinds, as it helps them identify common exposures that affect their workforce and gives them the information they need to plan their compliance programs.
Holiday Shopping Online? Remember These Cybersecurity Tips
Online shopping has made it easier than ever to peruse the wares of various businesses and vendors from the comfort of your own home as you search for the perfect gifts this holiday season. However, conducting transactions over the internet always involves inherent risks, as cybercriminals may be lying in wait.
Most Common Vehicle and Driver Violations Leading to Out-of-Service Orders in 2024 Fiscal Year
To help drivers of commercial motor vehicles (CMVs) remain safe and keep trucking businesses in compliance with the Federal Motor Carrier Safety Regulations and Hazardous Materials Regulations, the Federal Motor Carrier Safety Administration records the number of violations discovered through roadside inspections conducted by Motor Carrier Safety Assistance Program inspectors.