According to new research from IBM, in 2024, the average cost of a data breach rose to $4.88 million, which is a 10% increase from last year. 

IBM’s findings imply that the costs have risen because the collateral damage from a breach (lost business, post-breach customer costs, etc.) is having a greater impact on the business.

Recovering from a data breach is also taking longer, if it happens at all. Only 12% of the organizations IBM surveyed said they considered themselves to have “fully recovered” from a breach. Among those, the average recovery time was over 100 days.

The report also found that understaffing significantly adds to the cost of a breach. Companies with severe staffing shortages saw an average of $1.76 million higher data breach costs than companies with no or low staffing problems. 

Sixty-three percent of companies said they planned to increase their security budgets this year, compared to only 51% in 2023. They also say that employee training will be a top priority for them this year. 

IBM also believes that AI can significantly cut down on the financial damage from a breach. Companies that use AI and automation in their security operations center saw up to $2.2 million less in costs after a breach and resolved issues up to 98 days faster, compared to companies that don’t use automation.

According to IBM, this year the average lifecycle of a data breach hit a seven-year low of 258 days. Increases in internal detection are likely contributing to the number being so low.

“As generative AI rapidly permeates businesses, expanding the attack surface, these expenses will soon become unsustainable, compelling business to reassess security measures and response strategies,” said Kevin Skapinetz, vice president of Strategy and Product Design at IBM Security. “To get ahead, businesses should invest in new AI-driven defenses and develop the skills needed to address the emerging risks and opportunities presented by generative AI.”

Other interesting findings are that IP theft grew 27% in the last year, stolen/compromised credentials were the most common attack vector, and ransomware victims saved money by involving law enforcement. 
