Average cost of a data breach to organisations hits all time high in 2023

Penalty estimated at $4.45 billion, according to IBM Security

The report found that AI and automation reduced breach lifecycles by 108 days to 214 days where organisations used the technology extensively. Photograph: iStock
The report found that AI and automation reduced breach lifecycles by 108 days to 214 days where organisations used the technology extensively. Photograph: iStock

The average cost of a data breach to organisations hit an all time high in 2023, new research has found, but only about half of organisations that suffered a security breach plan to increase cybersecurity spending.

Artificial intelligence is also playing a role in dealing with security breaches, cutting the time taken to identify and contain breaches.

The Cost of a Data Breach Report from IBM Security estimated the cost of a data breach globally at $4.45 billion (€4 billion), a 15 per cent rise on the past three years, while detection and escalation costs rose 42 per cent as breach investigations became increasingly complex.

The report is based on analysis of real-world data breaches at 553 organisations globally between March 2022 and March 2023.

READ MORE

Some 95 per cent of organisations studied by IBM Security experienced more than one breach, with 57 per cent saying they would pass incident costs on to consumers, and only 51 per cent would increase security investments.

“Across the globe, and very similar to the UK, this report confirms what we are seeing as ordinary citizens in Ireland. Across all industries studied customer personally identifiable information was the most commonly breached record type and the costliest. In Ireland, we are seeing a surge in phishing emails and texts in recent months,” said Elaine Hanley, Security Services, IBM Ireland.

“Globally, we are seeing that firms with a smaller number of employees were disproportionally affected by higher breach costs, which in the context of Ireland means that most of the indigent industries operating here need to pay attention to cybersecurity.”

The report found that AI and automation reduced breach lifecycles by 108 days to 214 days where organisations used the technology extensively.

Ransomware attacks also cost $470,000 more where victims did not involve law enforcement, with 37 per cent of those hit by ransomware failing to involve the police.

“The pandemic has accelerated digital transformation in Ireland and although this can be seen as generally positive, it does incur additional cybersecurity risks,” Ms Hanley said. “However, AI and automation had the biggest impact on speed of breach identification and containment for studied organisations. So now is the time to understand the technologies and strategies that best protect your data.”

A third of the breaches studied were detected by an organisation’s own security team, with just more than a quarter disclosed by an attacker – which cost nearly $1 million extra.

A breach that occurred across multiple environments also led to higher costs for the breach, at an average of $4.75 million. Almost 40 per cent of the breaches studied saw data lost across multiple environments, including public cloud, private cloud and on-premises.

The report also found the costs of breaches in healthcare rose more than 50 per cent since 2020, at an average of almost $11 million.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist