Recent research conducted by the Ponemon Institute and IBM Security has unveiled that the global average cost of a data breach has climbed to $4.45 million, and the expenses related to avoiding legal action following a ransomware attack have surged by $470,000.
Surveying 553 organizations across various sectors that were affected by data breaches between March 2022 and March 2023, the study indicated that the healthcare industry, in particular, observed a 53% surge in breach costs since the onset of the COVID-19 pandemic, with expenses tied to health data breaches reaching nearly $11 million.
Importance of the Findings:
The 2023 Cost of a Data Breach Report delved into the origins, immediate and long-term consequences of data breaches, and the technologies and factors that either helped organizations mitigate losses or increased their recovery expenses.
The most prevalent breach method, at 16%, was phishing, closely followed by compromised credentials. In addition to the escalating breach costs, the healthcare sector is grappling with cyberattacks that exploit medical records for extortion.
Only one-third of the studied organizations detected breaches on their own, while 27% had breaches revealed by attackers. The latter group experienced breach cycles nearly 80 days longer than those organizations that detected the breaches earlier.
Meanwhile, the report highlighted that artificial intelligence and automation had a substantial influence on the speed of breach identification and containment among the surveyed entities.
Organizations employing AI experienced a breach cycle that was 108 days shorter compared to those without these technologies – 214 days versus 322 days. Researchers noted that extensive deployment of AI and automation in security significantly reduced data breach costs by almost $1.8 million compared to organizations without such technologies.
The study also revealed that 51% of the impacted organizations intend to enhance their investments in incident response planning and testing, employee training, and threat detection and response technologies.
While defenders managed to thwart a greater percentage of ransomware attacks in the previous year, according to IBM’s 2023 Threat Intelligence Index, this new data breach cost study indicated that adversaries have shortened their average attack completion time.
The report also encompasses:
In-depth analyses, including breach costs based on geographical region and industry
Security recommendations from IBM Security experts
Larger Trend:
In the past year, a study by the Ponemon Institute delved into the direct impact of cyberattacks on patient safety in U.S. hospitals and health systems. This study raised alarm when it disclosed that 20% of those institutions that encountered the four most common cyberattack types reported an ensuing rise in patient mortality rates.
Larry Ponemon, founder, and chairman of the Ponemon Institute, pointed out that the attacks examined in the study exerted significant strain on healthcare organizations’ resources.
“Their result is not only tremendous cost but also a direct impact on patient care, endangering people’s safety and well-being,” he commented.
On the Record:
“Time is the new currency in cybersecurity for both defenders and attackers,” stated Chris McCurdy, General Manager of Worldwide IBM Security Services. “As the report indicates, early detection and rapid response can greatly mitigate the impact of a breach.”