In a recent report, IBM has unveiled that the average global cost of a data breach has reached a staggering $4.88 million in 2024, marking a notable 10% increase compared to the previous year. This rise, the most significant since the onset of the pandemic, reflects a growing trend of disruptions experienced by organizations. "70% of breached organizations reported that the breach caused significant or very significant disruption," said Kevin Skapinetz, Vice President of Strategy and Product Design at IBM Security.
"70% of breached organizations reported that the breach caused significant or very significant disruption,"
The findings stem from a comprehensive analysis of 604 organizations worldwide that endured data breaches from March 2023 to February 2024. This report is part of IBM's ongoing commitment to understanding the evolving landscape of cyber threats, having been published for 19 consecutive years. Among the highlighted trends is the profound impact of lost business and the escalated costs related to customer and third-party responses, which have contributed to the rising expenses following breaches.
One alarming trend identified in the report is the prevalence of data stored across multiple platforms. "Forty percent of breaches involved data stored across multiple environments including public cloud, private cloud, and on-prem," IBM noted. These multifaceted breaches incurred costs exceeding $5 million on average and had the longest identification and containment times, averaging 283 days.
"Forty percent of breaches involved data stored across multiple environments including public cloud, private cloud, and on-prem,"
AI and automation are playing increasingly pivotal roles in combating breaches. The report indicates that two-thirds of the organizations studied are implementing AI-driven security measures. "When these technologies were deployed extensively across prevention workflows, organizations incurred an average of $2.2 million less in breach costs," stated IBM. This figure underscores the substantial financial benefits of integrating advanced technologies into cybersecurity practices.
Race Results
Despite the potential for AI to mitigate costs, the report also highlights staffing issues that hamper organizations. A 26% increase in organizations reporting significant staffing shortages has exacerbated breach costs, with high-level shortages resulting in an average of $5.74 million in breach costs compared to $3.98 million when staffing levels were adequate. This staffing crisis coincides with a surge in concerns about new risks introduced by generative AI technologies.
"Businesses are caught in a continuous cycle of breaches, containment, and fallout response," Skapinetz elaborated. He emphasized the need for companies to invest in stronger security defenses and to adjust their approaches in light of these ongoing pressures. As generative AI transforms business operations, he noted that "these expenses will soon become unsustainable, compelling business to reassess security measures and response strategies."
"Businesses are caught in a continuous cycle of breaches, containment, and fallout response,"
Looking forward, there may be light at the end of the tunnel for understaffed security teams. The report reveals that 63% of organizations are planning to increase their security budgets in the coming year, up from 51% last year. Key areas of investment are expected to include employee training, incident response planning, and advancements in threat detection and response technologies.
Impact and Legacy
Incorporating these technologies could offer critical support in reducing breach impacts and costs. As organizations navigate the complex landscape of cybersecurity threats, maintaining a proactive approach is essential. "To get ahead, businesses should invest in new AI-driven defenses and develop the skills needed to address the emerging risks and opportunities presented by generative AI," concluded Skapinetz.
"To get ahead, businesses should invest in new AI-driven defenses and develop the skills needed to address the emerging risks and opportunities presented by generative AI,"
The implications of these findings are substantial, indicating that as organizations grapple with increasing costs and new threats, they will need to prioritize both technological advancements and human capital in their cybersecurity strategies. The evolving nature of cyber threats underscores the importance of adaptive measures, making investment in robust security systems more crucial than ever before.
