Data Breach Expenses Surge: Healthcare Industry In Focus


Data breach costs have been escalating, with the global average reaching a record high of $4.45 million, marking a 15% increase over the past three years. The healthcare industry remained the most expensive sector for data breaches for the 13th consecutive year. However, the research suggests opportunities to contain breach costs.

The 18th annual Cost of a Data Breach Report, independently conducted by Ponemon Institute and published by IBM Security, provides crucial insights for IT, risk management, and security leaders to identify security gaps and effective measures for minimizing the financial and reputational damage caused by data breaches. The report analyzed real-world data breaches from 553 organizations, considering thousands of interviews and hundreds of cost factors.

Key findings from the report reveal that adopting security AI and automation, implementing a DevSecOps approach, and having robust incident response (IR) plans led to substantial cost savings. Extensive use of security AI and automation saved an average of $1.76 million, while a DevSecOps approach and thorough IR planning saved $1.68 million and $1.49 million, respectively.

Additionally, advanced security tools such as AI and attack surface management (ASM) accelerated breach identification and containment, reducing response times by significant margins. Organizations employing security AI and automation detected and contained incidents 108 days faster, while ASM solutions led to an average reduction of 83 days in response times.

Data stored in multiple environments contributed to higher costs and longer containment times for breaches. Cloud-based data breaches comprised 82% of all cases, with 39% involving data stored across various environments, resulting in an additional $750,000 in average breach costs and a 15-day longer containment period than the global average. Organizations that identified breaches internally fared better in containing costs. Investments in IR planning, employee training, and threat detection and response tools were effective at mitigating data breach costs, resulting in a significant return on investment (ROI).

The healthcare industry continues to experience the most expensive data breaches, with costs reaching nearly $11 million in 2023, an 8% increase from the previous year and a 53% jump since 2020. The pandemic increased vulnerability to attacks due to burnout and staff shortages, leading to a rise in healthcare data breaches. Hospitals are particularly susceptible to ransomware attacks, with criminals demanding payments for the return of critical data.

Other critical infrastructure industries, including financial services, the public sector, energy, transportation, education, and communication, are also experiencing rising breach costs. Critical infrastructure companies faced data breach expenses nearly 29% higher than other industries, with costs increasing by nearly 5% from the previous year. Law enforcement involvement in data breach incidents resulted in average cost savings of $470,000, yet 37% of victims did not contact law enforcement.