The cost of a data breach and how AI can save millions

The average cost of a data breach in 2023 was USD 4.45 million, an increase of 2.3% from 2022, as per IBM’s 2023 Cost of a Data Breach Report. This is the highest average cost of a data breach on record, and it is a trend that is likely to continue in the years to come. 

However, amidst the rising costs, there’s hope in the form of cutting-edge technology: Artificial Intelligence (AI). The report highlights the fact that time is money when it comes to breach detection and AI played a crucial role. Organizations using AI and automation detected and contained breaches 108 days faster, resulting in cost savings and quicker damage control.

This report offers valuable insights to IT risk management and security leaders, helping them reduce breach risks and associated costs. It surveyed 553 organizations affected by data breaches between March 2022 and March 2023, providing a comprehensive overview of breach costs, contributing factors, and best practices for risk reduction.


Cost of a Data Breach 2023 Report: the highlights


1.  The rising costs of data breaches: a burden on customers

The average total cost of a data breach reached an all-time high in 2023, amounting to USD 4.45 million. This represents a 2.3% increase from the previous year and a 15.3% rise since 2020.
[Figure: Cost of a data breach throughout the years. Source: IBM's Cost of a Data Breach Report 2023]

Surprisingly, only 51% of breached organizations plan to boost their security spending. Instead, 57% of respondents increased the prices of services and products as a result of a data breach. In other words, the cost of a data breach is passed on to the customer as opposed to investing in security.


2.  Identifying the top cost amplifiers in data breaches

The three most impactful cost amplifiers in data breaches are:

  • Security skills shortage: Organizations with a high level of security skills shortage had an average cost that was 18.6% higher than the overall average cost of a data breach.
  • Security system complexity: Those with a high level of security system complexity had an average cost that was 17.1% higher compared to the average cost of a data breach.
  • Noncompliance with regulations: Organizations with a high level of noncompliance with regulations showed an average cost that exceeded the average cost of a data breach by 12.6%.


3.  Data breach costs vary by country, industry, and company size. The United States and the healthcare sector lead the way.

For the 13th consecutive year, the United States held the title for the highest data breach costs (USD 9.48 million, an increase of 0.4% from last year’s report). The top five countries or regions with the highest average cost of a data breach are:

  1. United States: USD 9.48 million
  2. Middle East: USD 8.07 million
  3. Canada: USD 5.13 million
  4. Germany: USD 4.67 million
  5. Japan: USD 4.52 million

[Figure: Cost of a data breach by country. Source: IBM's Cost of a Data Breach Report 2023]

In a parallel trend, the healthcare industry bears the brunt of data breaches for the 13th consecutive year, reporting an average cost of USD 10.93 million (an increase of 8.2% from 2022). Interestingly, since the start of the COVID-19 pandemic, the healthcare industry has seen notably higher average data breach costs. The top five costliest industries are:

  1. Healthcare: USD 10.93 million
  2. Financial: USD 5.90 million
  3. Pharmaceuticals: USD 4.82 million
  4. Energy: USD 4.78 million
  5. Industrial: USD 4.73 million

Smaller organizations saw higher data breach costs in 2023, with a 13.4% increase for those with fewer than 500 employees. Larger organizations (over 5,000 employees) experienced a 2.5% decrease in breach costs.


4.  Phishing remains the most costly cause of data breaches

The report highlights that phishing attacks continue to be the leading entry point for data breaches. 16% of breaches were initiated through phishing.

Cybercriminals often exploit human vulnerabilities through deceptive emails and malicious links, making it crucial for organizations to enhance employee training on cybersecurity best practices and deploy AI-powered tools to detect and thwart phishing attempts promptly.





5.  Security AI and Automation, a DevSecOps approach, and Incident Response can save millions of dollars

The report emphasizes the critical role of cutting-edge technologies like AI, automation, and DevSecOps in mitigating data breach risks and minimizing costs.

Security AI and Automation

Organizations that extensively integrated security AI and automation throughout their operations detected and contained breaches 108 days faster. This led to significant cost savings of USD 1.76 million.

[Figure: Security AI and Automation. Source: IBM's Cost of a Data Breach Report 2023]

Surprisingly, despite the clear benefits demonstrated by AI and automation, only 28% of organizations extensively used security AI and automation tools in their cybersecurity processes, while 33% had limited use. That leaves nearly 4 in 10 relying solely on manual inputs in their security operations.


DevSecOps approach

Organizations with high DevSecOps (an approach that integrates security testing in the software development process) adoption saved USD 1.68 million compared to those with low or no adoption.

When considering various cost-mitigating factors, DevSecOps stood out as the most impactful in reducing data breach costs. By prioritizing security throughout the development process, organizations can effectively prevent vulnerabilities and respond swiftly to potential threats, resulting in substantial financial benefits and strengthened cybersecurity measures.


Incident Response (IR)

Organizations with high levels of IR planning and testing saved USD 1.49 million compared to those with low levels. Having a dedicated incident response team and rigorously testing response plans gives organizations a significant advantage, enabling them to identify breaches a remarkable 54 days faster.

This proactive approach proves to be a game-changer. By emphasizing security preparedness from the outset and responding with precision to incidents, organizations can save millions of dollars while fortifying their overall cybersecurity resilience.

6.  Accelerating incident response: minimizing data breach costs

The time to identify and contain a data breach is approximately 277 days, a critical metric that reflects the effectiveness of an organization's Incident Response (IR) and containment processes. 

IBM’s report identified that prompt action in addressing breaches could lead to significant financial benefits. Data breaches detected and contained within 200 days are associated with 23% lower costs compared to those taking longer to resolve.

To optimize response times, organizations should have a robust incident response plan in place, ensuring swift identification and containment to minimize damages and financial losses.




7.  Breaches cost less if an organization's own SecOps teams find them first

Only one-third (33%) of companies discovered the data breach through their own security teams, highlighting a need for better threat detection. 67% of breaches were reported by a benign third party or by the attackers themselves. Breaches disclosed by attackers cost nearly USD 1 million more and took the longest to identify and contain.


8.  But don't just call your IT department; involve law enforcement

Ransomware attacks continue to be a prevalent threat, comprising nearly one-quarter of all data breaches. An increase of 13% in costs indicates ransomware is a growing threat.

Notably, organizations that chose not to involve law enforcement in ransomware incidents experienced an additional cost of USD 470,000, highlighting the importance of law enforcement collaboration. While 63% of respondents reported involving law enforcement, the 37% that refrained from doing so paid 9.6% more and faced a 33-day longer breach lifecycle.

 Source: IBM's Cost of a Data Breach Report 2023

However, there is a silver lining: organizations employing automated response playbooks or workflows demonstrated substantial benefits, reducing containment time by 16%. By leveraging automated response solutions, organizations can effectively curtail the impact of ransomware and minimize financial losses.



Recommendations to reduce costs and lower detection time:

In conclusion, the findings from IBM's 2023 Cost of a Data Breach Report underscore the critical importance of implementing robust cybersecurity measures to mitigate the increasing cost of data breaches. To reduce breach-related expenses and enhance overall security, IBM offers four recommendations:

  1. Integrate security into every stage of software development and deployment, with regular testing.
  2. Modernize data protection across hybrid cloud environments.
  3. Leverage AI and automation for faster and more accurate threat detection and response.
  4. Strengthen resiliency through comprehensive incident response practices.

