In 2024, the cost of a data breach saw its largest annual increase since the pandemic, yet companies using AI tools have largely mitigated the financial fallout.
According to the latest research, the global average cost of a data breach has increased by 10%, rising to $4.88 million from $4.45 million, with 604 organisations worldwide experiencing breaches between March last year and February 2024. Conducted by the Ponemon Institute, this comprehensive study involved in-depth interviews with 3,556 security and business leaders from 16 countries and regions whose organizations had previously suffered breaches.
Seventy percent of survey respondents reported that the security breaches they experienced had resulted in significant disruptions to their businesses, a finding echoed by IBM’s research. Losses stemmed from operational downtime, lost client relationships, and the significant costs of responding to the breach, including the need to staff dedicated customer support desks and navigate regulatory penalties.
Stolen or compromised credentials remained the most prevalent initial attack vector, responsible for a staggering 16% of breaches, with the average time to identify and contain them reaching a concerning 10 months.
Within the past year, the healthcare industry experienced its most costly data breach to date, with a staggering price tag of $9.77 million.
Across the board, a significant proportion, 40 percent, of data breaches involved data stored across various environments, including both cloud-based and on-premises systems, ultimately resulting in average damages of at least $5 million. These breaches also took the longest to identify and contain, requiring 283 days compared to the average duration of 258 days.
The global average time to detect and contain a breach has dipped to a seven-year low, down significantly from last year’s average of 277 days.
The largest share of these breaches, at 46%, involved the unauthorized disclosure of sensitive client information, including tax identification numbers, personal cellphone numbers, and residential addresses. Forty-three percent of respondents expressed concern about intellectual property, with costs rising to $173 per document, a significant increase from $156 last year.
The study also found that a significant 35% of data breaches were related to physical incidents, resulting in an additional 16% increase in costs arising from these types of breaches.
Moreover, breaches that took more time to contain proved significantly costlier, with those spanning over 200 days ultimately costing an average of $5.46 million each.
Organizations using AI and automation security tools extensively experienced an average cost savings of $1.88 million per incident, with the total cost of a breach dropping to $3.84 million. Firms without AI and automation adoption have reported average losses of $5.72 million. Organizations with limited use of AI and automation saw lower costs following a breach, at $4.64 million.
The IBM study examined the use of artificial intelligence (AI) and automation across four key areas of security operations: prevention, detection, investigation, and response. These included attack surface management, red-teaming, and posture management.
Two-thirds of the surveyed individuals reported deploying their security operations centers, a 10% increase over the previous year. While 31% of respondents leveraged AI and automation extensively in their security operations, another 36% incorporated these technologies to some extent. Only approximately one-third of businesses currently utilize artificial intelligence or automation in their operations.
Companies that had incurred significant losses were able to reduce these losses by an average of approximately $3.38 million after engaging with regulatory enforcement agencies, down from an initial loss of $1 million. According to IBM, this figure excludes the amount paid as ransom. Implementing regulatory oversight also shortened investigations significantly, with the average time taken to detect and respond to breaches decreasing from 297 days to 281 days.
According to recent statistics, nearly two-thirds (63%) of individuals whose computers were attacked by ransomware were able to recover their data without having to pay the demanded ransom after seeking assistance from law enforcement agencies.
Without effective regulatory oversight, organisations on average suffered losses of approximately $5.37 million per attack, not including ransom payments.
Sixty-three percent of businesses that experienced breaches this year revealed their willingness to pass on costs incurred from the incident to customers, a notable increase from the 57% who took similar measures last year, with a greater number planning to raise prices for goods and services as a result.
Organisations experiencing extreme or severe staffing shortages incurred significantly higher breach costs, with losses totalling $5.74 million, compared to $3.98 million for those with low or no staffing gaps.
While 63% of respondents plan to increase their security spending, a notable uptick from 51% in the previous year, training for workers emerged as the primary allocation target.
A total of 55% of respondents planned to invest in incident response planning and testing, while 51% cited risk detection and response technologies as a priority. Around 42% of respondents would be willing to invest in identity and access management, while approximately 34% would do so for data security measures.
“Caught in a vicious cycle of breaches, containment, and fallout response, companies are increasingly forced to prioritize security investments and shift the costs of these incidents to customers – effectively making safety the new cost of doing business,” said Kevin Skapinetz, Vice President of Strategy and Product Design for IBM Security. As generative AI rapidly infiltrates organizations, exponentially escalating the attack surface, these costs will swiftly become unsustainable, prompting companies to reevaluate their security protocols and crisis management strategies.
To stay ahead of the curve, Skapinetz advises organizations to invest in developing the talent needed to address the challenges and opportunities arising from generative AI.