Companies and organizations facing a data breach spend an average of $4.45 million to fix the problem. Yet that does not prompt most to increase their cybersecurity budget. Indeed, a majority pass on the cost of the incident to customers and consumers. That's according to the report 'Cost of a Data Breach. Report 2023" by IBM. The study was conducted by the Penomon Institute, which has done so for 18 consecutive years. Researchers analyzed data breaches at 553 companies and organizations worldwide.
The cost of a data breach has increased 15 percent in the past three years compared to three years ago. Detection and scale-up costs increased 42 percent over the same period. That explains why companies and organizations will lose an average of $4.45 million (more than 4 million euros) in 2023 when a data breach occurs.
Of the organizations surveyed, 95 percent said they had experienced multiple data breaches. You would say that is reason to increase the budget for cybersecurity, information security and digital resilience. Nothing could be further from the truth, however. Half of the companies surveyed (51 percent) say they increase their investments when a data breach has occurred. A majority (57 percent) say they pass on the costs of such an incident to their customers.
Another finding is that only a third of the data breaches surveyed were discovered by company IT employees themselves. A quarter of the leaks (27 percent) were announced by hackers. If attackers reported the leak, the victim lost an average of nearly one million dollars more. Some 40 percent of data breaches last year were discovered by an independent third party, such as the police, intelligence agency or cybersecurity agency.
Another way to save money in a data breach is to call in the police. By doing so, victims saved an average of $470,000, or about 425,000 euros. Just over a third of the companies surveyed (37 percent) reported the leak to the police. Nearly half of those surveyed (47 percent) paid a ransom to the perpetrators.
Early detection and rapid response can significantly reduce the impact of a cyberattack, according to Chris McCurdy, general manager at IBM Security Services. Artificial intelligence (AI) can help in his view.
"Security teams must focus on where cybercriminals are most successful and concentrate their efforts on stopping cyberattacks before they reach their target. Investments in risk detection and response methods that increase speed and efficiency-such as AI and automation-are crucial to turning the tide," the top executive said.
According to the researchers, companies and organizations using AI and automation significantly reduce the turnaround time of a data breach. The time to handle a leak then drops from an average of 322 days to 214 days. In addition, the investment resulted in cost savings of $1.8 million on average.
