According to the 2023 Cost of a Data Breach Report, the cost of a data breach averages $4.45 million globally this year. That’s up 15% over the last three years and marks the highest ever in the 18 years that IBM has been publishing the report. The increase reflects a move toward more complex breach investigations. Detection and escalation costs are up 42% over the last three years.
But it appears that companies would prefer their customers pay for the extra expenses. Among studied organizations that suffered a breach, 57% indicated they would pass incident costs onto consumers, compared with 51% that planned to increase security investments.
The report also identifies a beneficial role for AI and automation. Organizations that extensively used both AI and automation saw data breach lifecycles of 214 days, compared with 322 days among studied organizations that did not use those tools.
Calling the police also appears to be a fruitful move. Ransomware victims in the study saved an average $470,000 in breach costs when they involved law enforcement.
Detecting a breach still seems frustratingly difficult. An organization’s own security team detected only one-third of the studied breaches, but their costs were lower than for the 27% of breaches that were revealed by the threat actor.
IBM’s report draws on responses from 553 organizations worldwide from March 2022 to March 2023. The research was conducted by the Ponemon Institute.