The global average cost of a network data breach has climbed to a record $4.88 million – which represents a 10% increase from 2023 and the largest spike since the pandemic.
That’s according to IBM’s 2024 Cost of a Data Breach Report, which analyzed real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024. The 19th annual version of the report, conducted by Ponemon Institute, identified key issues that directly impacted rising breach costs, including growth in highly distributed on-premises, private and public cloud resources as well as security staffing shortages.
Lost business costs and post-breach response costs climbed significantly, IBM found; these costs, taken together, account for $2.8 million of the $4.88 million average breach cost.
For the 14th year, the United States had the highest average data breach cost – $9.36 million – among the 16 countries and regions studied. Rounding out the top 5 were the Middle East, Germany, Italy and Benelux. Notably, Canada and Japan saw average costs drop, while Italy and the Middle East saw significant increases, researchers stated.
“These multi-environment breaches cost more than $5 million on average and took the longest to identify and contain (283 days), highlighting the challenge of tracking and safeguarding data, including shadow data, and data in AI workloads, which can be unencrypted,” wrote IBM Security team member John Zorabedian in a blog discussing the research results.
“The types of data records stolen in these breaches underscored the growing importance of protecting an organization’s most sensitive data, including customer personal identifying information (PII) data, employee PII, and intellectual property (IP). Costs associated with customer PII and employee PII records were the highest on average,” Zorabedian stated.
Customer PII was involved in more breaches than any other type of record (46% of breaches). IP may grow even more accessible as gen AI initiatives bring this data out in the open. With critical data becoming more dynamic and available across environments, businesses will need to assess the specific risks of each data type and their applicable security and access controls, Zorabedian wrote.
A recent Cisco study supported IBM’s results: 92% of organizations had deployed two or more public cloud providers to host their workloads, and 34% were using more than four, according to last year’s networking trends report.
“However, each public cloud service provider, private data center, and hybrid cloud environment uses different network and security operational models. Organizations need to address the resulting management complexity with a strategy that enables better visibility and more consistent control of connectivity and security across disparate private and public cloud environments,” Cisco stated.
Looking ahead to two years from now, 60% of companies expect to have an integrated multicloud networking and security management platform with common APIs for secure workload mobility, network and application visibility, and policy management, Cisco stated.
As for staff shortages, the problem continues to grow, Zorabedian wrote: “53% of organizations facing a high-level skills shortage, up 26% from 2023. The industry-wide skills shortage could be expensive for organizations. Those with severe staffing shortages experienced breach costs that were $1.76 million higher on average than those with low-level or no security staffing issues.”
At the same time, staffing shortages may ease somewhat, as businesses reported they intend to increase security investments as a result of the breach. Planned investments include threat detection and response tools such as SIEM, SOAR and EDR, according to the report. Organizations also plan to increase investments in identity and access management and data protection tools.
The staff shortages, however, may be driving large organizations to turn to AI and security automation to help out and reduce breach costs, Zorabedian wrote. “More organizations are adopting AI and automation in their security operations, up 10% from the 2023 report. And most promising, the use of AI in prevention workflows had the highest impact in the study, reducing the average cost of a breach by $2.2 million, compared to organizations that didn’t deploy AI in prevention.”
Only 20% of organizations said they were using gen AI security tools, yet those that did saw a positive impact. Gen AI security tools were shown to mitigate the average cost of a breach by more than $167,000, according to Zorabedian.
Some other noteworthy findings from the IBM report include: