Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs
IBM Security released its annual Cost of a Data Breach Report showing
the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15%
increase over the last 3 years. Detection and escalation costs jumped 42% over
this same time frame, representing the highest portion of breach costs, and
indicating a shift towards more complex breach investigations.
According to the 2023 IBM
report, businesses are divided in how they plan to handle the increasing cost
and frequency of data breaches. The study found that while 95% of studied
organizations have experienced more than one breach, breached organizations
were more likely to pass incident costs onto consumers (57%) than to increase
security investments (51%).
The 2023 Cost of a Data Breach Report
is based on in-depth analysis of real-world data breaches experienced by 553
organizations globally between March 2022 and March 2023. The
research, sponsored and analyzed by IBM Security, was conducted by Ponemon Institute
and has been published for 18 consecutive years. Some key findings in the 2023
IBM report include:
· AI Picks Up Speed – AI
and automation had the biggest impact on speed of breach identification and
containment for studied organizations. Organizations with extensive use of both
AI and automation experienced a data breach lifecycle that was 108 days shorter
compared to studied organizations that have not deployed these technologies
(214 days versus 322 days).
· The Cost of Silence – Ransomware victims in the study that involved law enforcement
saved $470,000 in average costs of a breach compared to
those that chose not to involve law enforcement. Despite these potential
savings, 37% of ransomware victims studied did not involve law enforcement in a
ransomware attack.
· Detection Gaps –
Only one third of studied breaches were detected by an organization's own
security team, compared to 27% that were disclosed by an attacker. Data
breaches disclosed by the attacker cost nearly $1 million more on
average compared to studied organizations that identified the breach
themselves.
"Time is the new currency in
cybersecurity both for the defenders and the attackers. As the report shows,
early detection and fast response can significantly reduce the impact of a
breach," said Chris McCurdy, General Manager, Worldwide
IBM Security Services. "Security teams must focus on where
adversaries are the most successful and concentrate their efforts on stopping
them before they achieve their goals. Investments in threat detection and
response approaches that accelerate defenders speed and efficiency – such as AI
and automation – are crucial to shifting this balance."
According to the 2023 report, studied organizations that fully deploy security
AI and automation saw 108-day shorter breach lifecycles on average compared to
organizations not deploying these technologies – and experienced significantly
lower incident costs. In fact, studied organizations that deployed security AI
and automation extensively saw, on average, nearly $1.8
million lower
data breach costs than organizations that didn't deploy these technologies –
the biggest cost saver identified in the report.
I
At the same time, adversaries have
reduced the average time to complete a ransomware attack. And with nearly 40% of
studied organizations not yet deploying security AI and automation, there is
still considerable opportunity for organizations to boost detection and
response speeds.
Leave A Comment