1. Introduction
Sometimes people ask me about the financial benefit a customer will receive from a security audit or penetration test of their IT assets. Everyone hopes that they will not be affected by an IT security problem and that they will not lose customers as a result of downtime, data breaches or loss. So I suggest we look at the benefits in terms of avoided costs. To do this, let us turn to IBM’s Cost of a Data Breach Report 2024.
This study from IBM and the Ponemon Institute sheds light on this growing challenge, drawing on insights from more than 600 organisations and more than 3,500 professionals who’ve experienced breaches first hand.
The headline finding is eye-opening: data breaches now cost organisations nearly 5 mln. USD on average – a 10% jump from last year and the highest increase since the pandemic. This alarming trend signals that organisations need to rethink their approach to cybersecurity before they become the next headline.
2. Key Findings
2.1. The Growing Price Tag of Data Breaches
Data breaches are becoming significantly more expensive. The average cost has surged to 4.88 mln. USD – the highest ever recorded in the report’s history. This is the steepest increase since the COVID-19 pandemic began.
Some industries and regions face even higher costs. American companies typically pay nearly double the global average, while healthcare organisations face the highest financial burden of any sector, with costs approaching 10 mln. USD per breach.
Costs are also rising at the individual record level. Each compromised record now costs an average 169 USD globally – a figure that has risen steadily in recent years.
2.2. How AI and Automation Are Changing the Game
There’s a bright spot in the report: organisations that use artificial intelligence and automation in their security operations are seeing dramatic benefits. Those using AI in their prevention strategies saved over 2 mln. USD compared to those that haven’t embraced these technologies.
More and more organisations are realising this benefit. Two-thirds of surveyed organisations are now using AI and automation in their security operations – a significant increase from last year.
These technologies not only save money, but also help organisations respond more quickly. Organisations that use AI and automation identified and contained breaches 70 days faster than those without these tools – a crucial advantage when every day of an active breach increases costs.
2.3. The Hidden Dangers of Shadow Data and Cloud Environments
One in three breaches involves what experts call “shadow data” – information that organisations don’t even know they have or don’t track properly. This invisible data represents a significant blind spot in many security strategies.
The complexity of modern IT environments adds another layer of risk. Forty percent of breaches involved data spread across multiple environments – public clouds, private clouds, and on-premises systems. These complex breaches cost more (over 5 mln. USD on average) and took much longer to identify and contain – 291 days on average.
2.4. The Enemy Within: Insider Threats
Some of the most damaging breaches come from within. Malicious insider attacks – where employees or contractors deliberately misuse their access – proved to be the most expensive type of breach, costing on average 4.99 mln. USD per incident.
This highlights the importance of not only defence against external threats, but also careful management of who has access to sensitive information within your organisation.
2.5. The Long Shadow of a Breach
The aftermath of a breach often costs more than the breach itself. Three-quarters of the increased costs in this year’s report came from lost business and post-breach response activities – things like setting up help desks, providing credit monitoring, and paying regulatory fines.
The operational impact is also significant. Seven out of ten organisations reported that their operations were significantly or moderately disrupted following a breach, which demonstrates that the true costs go beyond dollars and cents.
3. New Trends
3.1. The Double-Edged Sword of Generative AI
As organisations rush to adopt generative AI, a worrisome security gap is arising. Only about a quarter of generative AI initiatives have adequate security measures in place. This oversight creates a new frontier of vulnerability that could lead to serious breaches.
As sensitive data increasingly flows into AI systems, security for these new technologies must become a priority before they become the next major attack vector.
3.2. Getting Ahead of Threats
More organisations are moving from a reactive to a proactive approach to security. Organisations that identified breaches with their own security teams (rather than learning about them from attackers or third parties) saved almost 1 mln. USD per breach.
This proactive trend is encouraging as more organisations invest in threat detection and response capabilities that can identify problems before they become major incidents.
4. Key Takeaways
The report offers several valuable lessons for organisations that are seeking to strengthen their security posture:
- Smart technology makes a difference: AI and automation significantly reduce both the cost of breaches and response times.
- Know your data landscape: Shadow data and complex cloud environments create dangerous blind spots.
- Address the talent gap: Organisations with security staff shortages face substantially higher breach costs.
- Speed matters: Rapid breach detection and containment can reduce costs by nearly a quarter.
5. Practical Recommendations
Based on these findings, here are concrete steps organisations should consider:
- Embrace AI-powered security: Integrate AI and automation into your security operations, especially for prevention.
- Map your data: Identify and secure shadow data across all environments, with a particular focus on cloud storage.
- Strengthen access controls: Implement privileged access management to reduce the risk of insider threats.
- Prepare for the worst: Invest in breach response planning and regular crisis simulations.
- Secure your AI initiatives: When adopting generative AI, make security a foundational requirement, not an afterthought.
- Address workforce gaps: Combine strategic hiring with AI tools to maximise the effectiveness of your security team.
6. Conclusion
The “Cost of a Data Breach Report 2024” paints a clear picture: data breaches are becoming more costly and disruptive than ever before. However, it also shows that organisations that take a proactive, technology-enabled approach to security can significantly reduce their risk and potential costs.
Through investments in AI and automation, security for complex data environments, solutions to personnel challenges, and preparation for incidents before they occur, organisations can better protect themselves in an increasingly dangerous digital landscape. The threat landscape will continue to evolve, but with the right approach, organisations can stay one step ahead.
References
IBM Cost of a Data Breach Report 2024: https://www.ibm.com/reports/data-breach