The latest IBM Cost of Data Breach report reveals that the damage done by security incidents is up yet again, continuing to climb (at least a little) year over year and set new records.
The numbers indicate that cyber defense is not going in the same direction. Only a little over half of respondents said that they increased security spend in the wake of a breach, and the majority of incidents are not discovered by the company until some external party (whether that be a white hat or the black hats responsible) points them out.
Average cost of data breach ranges from $1 million to $9 million depending on location, industry
Where you are located and the industry you are in can have a major impact on the average cost of data breach. Generally, the more popular targets for hackers pay in the range of $5 to $9 million for incident recovery. This is true of industry as well, and the general rule of thumb here is that the more personal data is involved the costlier the cleanup will be; health care now leads the average cost of data breach at nearly $11 million. But even if you’re in a low-priority industry in an economically developing country, you’re still likely looking at a cost of over $1 million.
Damage is also not necessarily proportional to business size. While larger businesses do tend to pay larger amounts on average, medium-size businesses saw the biggest leap in their average cost this year while the ones with the most employees actually saw a small reduction.
Though the cost of data breaches continues to climb, nearly half of organizations do not increase their cybersecurity spend after one happens. Those that do tend to focus the money on preparation and training for employees rather than new technologies. This is in spite of the fact that those with AI and automation tools deployed saw an average reduction of $1.76 million in cost, along with a drop in the average containment time from 277 to 169 days.
What other factors reduce the cost of data breaches?
The Cost of Data Breach report has been finding that expenses are doing nothing but climbing, and setting new records each year. The “pandemic crime wave” that began in 2020 has prompted an overall increase of about half a million dollars on average (with the total now sitting at $4.45 million globally), but costs were already quite substantial before that.
Aside from investing in AI and automation, what other means are available to chip away at this total? The report also finds that internal teams need to be the first to the ball, as detecting a breach internally provides an average cost savings of $1 million. That is actually relatively uncommon at present, as over 65% of the time an organization does not learn about a data breach until either an outside security expert hits upon it or the threat actors come to them for a ransom.
Organizations are also still shy about involving law enforcement, a mistake in terms of cost savings. The assumption tends to be that paying off the attackers is the quickest and cheapest way out of a ransomware or data extortion scenario, but organizations that leave law enforcement out tend to pay nearly half a million dollars more on average, and 37% actually experience a longer breach cycle.
But likely the biggest cost saver is anonymizing and encrypting stored personal data, since personal data is by far the costliest element of any data breach.