IBM Security’s latest report reveals that data breach costs in 2023 have continued to rise relentlessly, with the average global cost of a data breach reaching $4.45 million, representing a 15% increase over the past three years.
The report, known as the 2023 Cost of a Data Breach Report, extensively analyzed real-world data breaches experienced by 553 organizations worldwide between March 2022 and March 2023. Conducted by the Ponemon Institute, this report marks the 18th consecutive year of its publication.
Among the report’s key findings is a staggering 42% surge in detection and escalation costs over the last three years, which now constitute the largest portion of breach expenses. This indicates a shift towards more complex breach investigations.
Businesses appear to be divided on how to address the growing cost and frequency of data breaches. Although 95% of the surveyed organizations reported experiencing multiple breaches, breached companies were more inclined to pass on incident costs to consumers (57%) than to increase investments in security (51%).
Notably, the report highlights the significant role of artificial intelligence (AI) in automating data breach management in 2023. Organizations that extensively deployed AI experienced data breach lifecycles that were on average 108 days shorter compared to those not using AI. The adoption of AI also resulted in substantial cost savings, with an average of nearly $1.8 million saved per breach.
However, the report also points out challenges in the use of AI and other aspects of breach management. Many organizations are hesitant to involve law enforcement during ransomware attacks, possibly due to concerns about reputational damage. Yet those that did not involve law enforcement experienced longer breach lifecycles (an average of 33 days longer) and incurred an additional $470,000 in breach costs.
Detecting breaches remains a significant challenge for organizations, with only a third of breaches being identified by the organization’s own security team or tools. Breaches that were disclosed by the attackers themselves cost more, by an average of nearly $1 million, and had lifecycles around 80 days longer than those identified internally.
Chris McCurdy, the general manager of Worldwide IBM Security Services, emphasized the importance of time in cybersecurity. Early detection and swift response are crucial in mitigating the impact of a breach. He highlighted the need for investments in threat detection and response approaches that leverage AI and automation to enhance defenders’ speed and efficiency, thus tilting the balance in favor of organizations against cyber attackers.