IBM‘s 19th annual Cost of a Data Breach Report offers critical insights for IT, risk management, and security leaders to refine their strategic decisions and enhance their security investments. Conducted by Ponemon Institute and sponsored by IBM, the study analyzed 604 organizations affected by data breaches between March 2023 and February 2024.

This year’s report highlights significant technological shifts, such as the rise of shadow data—unmanaged data sources that complicate security—and the extent of business disruptions caused by data breaches. The research spanned 17 industries across 16 countries, examining breaches involving 2,100 to 113,000 compromised records and involved interviews with 3,556 security and business leaders.

Major Developments in 2024

1. Increased Breach Costs:

– The global average cost of a data breach rose 10%, reaching $4.88 million, the largest increase since the pandemic.

– Business disruptions and post-breach responses, including customer support and regulatory fines, drove this increase.

– More than half of organizations passed these costs onto customers, complicating competitive market dynamics amid inflationary pressures.

2. Impact of AI and Automation:

– Extensive use of AI and automation in security operations reduced breach costs by an average of $2.2 million.

– AI and automation also shortened the time required to detect and contain breaches, highlighting their value in mitigating damage and costs.

Key Findings

– Cyber Skills Shortage:

– Over half of the breached organizations faced severe security staffing shortages, a 26.2% increase from the previous year.

– Despite the adoption of generative AI (gen AI) tools, the skills gap continues to challenge cybersecurity teams.

– Shadow Data Risks:

– Shadow data was involved in 35% of breaches, correlating with a 16% higher cost of breaches.

– Breaches involving data stored across multiple environments took longer to identify and contain compared to those in a single environment.

– Customer Personal Data:

– Nearly half of breaches involved customer personal identifiable information (PII), significantly impacting costs and regulatory responses.

– Breach Lifecycles:

– Breaches involving stolen credentials took the longest to identify and contain, averaging 292 days.

– Malicious insider attacks were the most expensive, costing an average of $4.99 million per breach.

– Industry-Specific Insights:

– The industrial sector saw the highest increase in breach costs, up by $830,000 per breach.

– Healthcare, despite a 10.6% decrease in average breach costs, remains the costliest industry for breaches due to its vulnerability and potential impact on patient safety.

Recommendations and Innovations

The report emphasizes the need for robust security defenses and innovative strategies, particularly in adopting AI for security operations. It provides benchmarks and actionable insights to help organizations reduce the financial and reputational impacts of data breaches. Notable areas of focus include:

– Assessing and managing shadow data.

– Enhancing AI and automation in prevention, detection, investigation, and response.

– Addressing the cybersecurity skills gap through strategic investments and training.

IBM’s Cost of a Data Breach Report continues to evolve, reflecting emerging technologies, tactics, and recent events. The 2024 edition underscores the importance of proactive measures and advanced technologies in safeguarding against increasingly sophisticated cyber threats.

Download the full report here.