Every year, "IBM's Cost of a Data Breach Report", takes an in-depth look at corporate data breaches. Done in partnership with Ponemon Institute, this year's report highlights the stunning financial cost of breaches and other key findings from 2023. The report paints a realistic picture of the security of corporate America, for better or worse, and how AI (artificial intelligence) can help going forward.

$4.45 Million Per Breach and Counting

The report finds the cost of a data breach in the U.S. now averages $4.45M per attack, up 15% over the past three years, and has been the costliest in the world for the past 13 years in a row.

Of the organizations involved in the study, 95% say they've experienced more than one breach. Of that group, 57% say they pass the cost of their breach onto their customers, while 51% are likely to invest in security. Of that 51%, 50% say they would invest in incident response; 46% with employee training, and 38% in threat detection and response technology.

Industry-specific, the two most costly breaches are healthcare at $10.93M, up 53.3% since 2020, and financial at $5.9M. Geographically speaking, the costliest breaches occur in the U.S. at $9.48M, the Middle East at $8.07M, and Canada with $5.13M.

 The Costliest Attacks

• The many types of breaches have different price tags, but listed here, the most costly that are also some of the most common methods of attack. Phishing and compromised credentials, the two most common types of attacks, combined, are responsible for 31% of all breaches.
• Malicious insiders, or those attacks coming from within an organization, are the most expensive at $4.9M. Making up only 6% of attacks, they were 9.6% higher than the global average cost per data breach at $4.45M per breach.
• Phishing is the most frequent way attackers breach an organization and the second most costly type of breach at $4.76M
• Also commonly used for attacks are stolen or otherwise compromised credentials at $4.62M
• Ransomware on its own, made up 24% of all breaches, with the price of an attack averaging $5.13M, up 13% from last year.

Mega Breaches x 100

You've heard about them in the news and may have been a victim of them. Mega breaches, where millions, not thousands, of records are lost, the cost of these attacks far outreach the cost of average breaches. In a mega breach where 50 million to 60 million records are stolen, costs are over 100 times greater than the average data breach. But there is also rare, good news. This year's report found that same group decreased the cost of a mega breach by $55M, or 14.2% at $332M per breach.

AI To the Rescue

In a world where most users now have access to AI tools, cybercriminals too have upped their game with the help of AI. However, the other side of the coin is that AI can be used to thwart attacks through earlier detection and faster response times.

In the report, data breaches for those organizations with extensive use of AI and automation had a breach lifecycle 108 days shorter than those businesses not using these technologies. In total, 214 days as opposed to 322 days. A shorter lifecycle means less breach damage and lower financial costs for the victims.

In this year's report, we see that data breaches continue to grow in volume along with increased price tags. But, the organizations themselves aren't the only ones paying the price. Those of us from big cities to Main Street feel the pain when our PII (personally identifiable information) is involved in data breaches. The hope is that a combination of using new technologies like AI and improved use of cybersecurity tools by organizations, we'll all begin to see improvement from mega breaches to Main Street.