A new report from IBM Corp. today finds that the average cost of data breaches in 2024 has hit a record high of $4.88 million, up 10% from 2023 as breaches grow more disruptive and further expand demands on cyber teams.

The figures come from IBM’s annual 2024 Cost of a Data Breach report based on an in-depth analysis of real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024. It was conducted by the Ponemon Institute and is the 19th straight year the report has been published.

Key findings in the report, alongside the 10% increase in average cost from a data breach, include that 70% of breached organizations reported that the breach caused significant or very significant disruption.

The rise in the cost of an average data breach was driven by lost business and post-breach customer and third-party response costs, as the collateral damage from data breaches has only intensified. The report notes that the disruptive effects of data breaches not only drive up costs but also result in longer recovery times, with recovery taking more than 100 days in some cases before an organization can fully recover.

Many organizations dealing with attacks were found to be struggling with understaffed security teams. The report finds that cybersecurity staffing shortages are up 26% compared to last year and that companies with cybersecurity staff shortages averaged an additional $1.76 million in breach costs versus companies with low-level or no security staffing issues.

In a notable shift over last year and a positive one, two out of three organizations were found to have or are in the process of deploying artificial intelligence security services and related automation tools across the security operations. In a definite selling point for AI security, organizations that are already using AI security tools were found to have incurred an average of $2.2 million less in breach costs compared to those who are not using AI in their workflows.

On the sort of data breaches managing to get through defenses, 40% were found to involve data stored across multiple including public cloud, private cloud and on-premises. These breaches were found to cost more than $5 million on average and took the longest to identify and contain, coming in at 283 days.

Other findings in the report include stolen or compromised credentials becoming the most frequent initial attack vector, accounting for 16% of breaches and were also the most time-consuming to resolve, often taking nearly 10 months. Critical infrastructure sectors, including healthcare, financial services and technology, faced the highest breach costs, with healthcare experiencing the costliest breaches for the 14th consecutive year, averaging $9.77 million.

While AI defenses are noted as rapidly being deployed, the report warns that embracing AI more broadly comes with increased risks.

“Businesses are caught in a continuous cycle of breaches, containment and fallout response,” said Kevin Skapinetz, vice president of strategy and product design at IBM Security. “This cycle now often includes investments in strengthening security defenses and passing breach expenses on to consumers – making security the new cost of doing business. As generative AI rapidly permeates businesses, expanding the attack surface, these expenses will soon become unsustainable, compelling businesses to reassess security measures and response strategies. To get ahead, businesses should invest in new AI-driven defenses and develop the skills needed to address the emerging risks and opportunities presented by generative AI.” 

Image: SiliconANGLE/Ideogram