The 2024 Cost of a Data Breach Report by IBM Security, independently conducted by the Ponemon Institute, highlights a 10% increase in the cost of cybersecurity attacks compared to the previous year, marking the largest annual rise since the pandemic.
The report underscores the significant financial benefits of incorporating artificial intelligence (AI) and automation in defensive cybersecurity measures. Kevin Skapinetz, IBM Security’s vice president, emphasized the importance of AI-driven defenses to counter the emerging risks associated with generative AI.
Organizations that extensively used AI in their security workflows saved an average of $2.2 million in breach costs, the highest cost savings recorded in the annual study. The report, in its 19th year, analyzed data breaches from 604 organizations worldwide between March 2023 and February 2024.
The rapid adoption of generative AI across various industries has expanded attack surfaces and introduced new risks for security teams, making the use of AI in security operations more crucial.
In healthcare, the most impacted industry for the 14th consecutive year, AI and data automation have been integrated with electronic health records and patient portals to streamline operations and reduce administrative burdens.
The report found that 67% of organizations analyzed employed security AI and automation, with a 10% year-over-year increase. These AI tools significantly reduce breach costs, with two-thirds of studied organizations deploying them in their security operation centers.
Law enforcement involvement in ransomware incidents also contributed to cost savings, with victims saving nearly $1 million on average. Despite 70% of breached organizations experiencing significant disruptions, the average data breach lifecycle dropped to a seven-year low of 258 days, thanks to improved threat mitigation and the extensive use of security AI and automation.
These technologies enabled organizations to detect and contain cyber incidents 98 days faster than those without such technologies.
Staffing shortages have exacerbated breach costs, with organizations experiencing high-level shortages facing average costs of $5.74 million compared to $3.98 million for lower-level shortages.
Since last year, there has been a 26% increase in staffing shortages, leading to higher breach recovery expenses. Consequently, more organizations plan to increase security budgets, with 63% intending to address technical resource and skills gaps, and employee training being a top investment area.
Breaches involving data stored across multiple environments, including public and private clouds, took the longest to identify and contain, averaging 283 days and costing over $5 million. Intellectual property theft increased breach costs, driven by a 27% rise in incidents.
Generative AI has pushed data closer to the surface, making compromised credentials a common attack vector. With more activity across various environments, organizations need to reassess their security and access controls.
To manage the financial impact of breaches, 63% of organizations plan to pass increased costs on to consumers, making security an intrinsic cost of business operations. This trend could further impact healthcare access, with rising costs potentially leading to more people postponing necessary medical care.