IBM has published its 2023 Cost of a Data Breach Report, which is based on a survey conducted by Ponemon Institute. This has found, amongst other things, that AI is having a positive impact on breach lifecycles.
The report shows that the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15 percent increase over the last three years. Detection and escalation costs jumped 42 percent over this same time frame, representing the highest portion of breach costs, and indicating a shift towards more complex breach investigations.
According to the 2023 IBM report, businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The study found that while 95 percent of studied organizations have experienced more than one breach, breached organizations were more likely to pass incident costs onto consumers (57 percent) than to increase security investments (51 percent).
Other key findings include:
- AI and automation had the biggest impact on speed of breach identification and containment for studied organizations. Organizations with extensive use of both AI and automation experienced a data breach lifecycle that was 108 days shorter compared to studied organizations that have not deployed these technologies (214 days versus 322 days).
- Ransomware victims in the study that involved law enforcement saved $470,000 in average costs of a breach compared to those that chose not to involve law enforcement. Despite these potential savings, 37 percent of ransomware victims studied did not involve law enforcement in a ransomware attack.
- Only one third of studied breaches were detected by an organization's own security team, compared to 27 percent that were disclosed by an attacker. Data breaches disclosed by the attacker cost nearly $1 million more on average compared to studied organizations that identified the breach themselves.