The Cost of a Data Breach Reaches an All-Time High
Like most things in life, the cost of a data breach has gone up, reaching an all-time high of $4.45 million—a 2.3% increase over last year’s cost, according to IBM’s newly-released Cost of a Data Breach 2023 report.
In the firm’s 2020 report, the average cost was $3.86 million, a 15.3% increase. Not surprisingly, this is prompting 51% of organizations to increase security investments as a result of a breach, in areas including incident response (IR) planning and testing, employee training, and threat detection and response tools.
Enter AI and Automation
As in many other use cases, AI can be the panacea. Organizations that use security AI and automation extensively can realize an average savings of $1.76 million compared to organizations that don’t, the report notes.
The moral of the story? Investing in security AI and automation are important investments for reducing costs and minimizing time to identify and contain breaches.
When time is of the essence, extensive security AI and automation reap benefits, reducing the time to identify and contain a breach by more than 100 days. The research also found that when security AI and automation were widely used, security teams were able to identify and contain a breach in 214 days–108 days shorter than those with no use.
What this all boils down to is that identifying and containing a breach with extensive use of security AI and automation took just 66% of the time it took organizations with no use. And something is better than nothing.
Notably, even limited use also made a significant impact, with an average time to identify and contain a breach in 234 days. This was 88 days shorter than organizations with no use. So there is a significant acceleration in the time to identify and contain a breach as well as a big cost reduction.
Organizations that did not use AI automation experienced a 322-day breach period.
Breaches Discovered With an Organization’s Own Tools
Only one in three companies discovered a data breach through their own security teams, highlighting a need for better threat detection. Some 67% of breaches were reported by a third party or by the attackers themselves. In the latter instance, it cost organizations nearly $1 million more compared to internal detection.
Further, there was a significant increase in data breach costs for organizations that had high levels of security system complexity, the report observes. In 2023, organizations that either had low or no security system complexity experienced an average data breach cost of $3.84 million. However, those with high levels of security system complexity reported an average cost of $5.28 million—a 31.6% increase.
DevSecOps is Another Saving Grace
Utilizing DevSecOps is paying off in dividends. The report found that organizations with high levels of DevSecOps adoption witnessed “sizeable ROI” this year: $1.68 million compared to those that had low or no adoption.
This was the highest cost savings compared to other cost-mitigating factors.
For the first time in the 18 years of the report, IBM also looked at how organizations prioritized risks and vulnerabilities and how this impacted the cost of a data breach.
Organizations that use more proactive and risk-based vulnerability management approaches, such as vulnerability testing, penetration testing, or red teaming, experienced lower than average data breach costs compared to organizations that relied solely on the industry standard CVE and CVSS.
IBM said the research was based on surveying 553 organizations worldwide impacted by data breaches that occurred between March 2022 and March 2023.
About the author: Esther Shein is a longtime freelance tech and business writer and editor whose work has appeared in several publications, including CIO.com, TechRepublic, VentureBeat, ZDNet, TechTarget, The Boston Globe and Inc. She has also written thought leadership whitepapers, ebooks, case studies and marketing materials.
