Data breach costs continue to grow, according to new research, reaching a record-high global average of $4.45 million, representing a 15% increase over three years. Costs in the healthcare industry continued to top the charts, as the most expensive industry for the 13th year in a row. Yet as breach costs continue to climb, the research points to new opportunities for containing breach costs.

The research, conducted independently by Ponemon Institute and analyzed and published by IBM Security, constitutes the 18th annual Cost of a Data Breach Report. A leading benchmark study in the security industry, the report is designed to help IT, risk management and security leaders identify gaps in their security posture and discover what measures are most successful at minimizing the financial and reputation damages of a costly data breach.

The 2023 edition of the report draws analysis from a collection of real-world data breaches at 553 organizations, with thousands of individuals interviewed and hundreds of cost factors analyzed to create the conclusions in the report. (The breaches studied occurred between March 2022 and March 2023, so mentions of years in this post refer to the year of the study not necessarily the year of the breach.)

Explore the report

Top findings from the Cost of a Data Breach report

Below are some of the top findings from the 2023 Cost of a Data Breach Report.

1. Security AI and automation, a DevSecOps approach, and incident response (IR) plans led the way in cost savings. Some of the most effective security tools and processes helped reduce average breach costs by millions of dollars, led by security AI and automation. Those that used security AI and automation extensively saved an average of $1.76 million compared to those that had limited or no use. Meanwhile, organizations in the study that had robust approaches to proactive security planning and processes also reaped large benefits. A high-level use of a DevSecOps approach (a methodology for integrating security in the software development cycle) saved organizations an average of $1.68 million. And a high-level use of incident response (IR) planning and testing of the IR plan was also advantageous, leading to reduced costs of $1.49 million on average.

2. AI and ASM sped the identification and containment of breaches. Organizations with extensive use of security AI and automation detected and contained an incident on average 108 days faster than organizations that didn’t use security AI and automation. Additionally, ASMs, solutions that help organizations see the attacker’s point of view in finding security weaknesses, helped cut down response times by an average of 83 days compared to those without an ASM.

3. Costs were high and breaches took longer to contain when data was stored in multiple environments. Data stored in the cloud comprised 82% of all data breaches, with just 18% of breaches involving solely on-premises data storage. 39% of data breaches in the study involved data stored across multiple environments, which was costlier and more difficult to contain than other types of breaches. It took 292 days, or 15 days longer than the global average, to contain a breach across multiple environments. Data stored in multiple environments also contributed to about $750,000 more in average breach costs.

4. Organizations with internal teams that identified the breach fared much better at containing the cost. Just 33% of breaches in the study were identified by the organization’s internal tools and teams, while neutral third parties such as law enforcement identified 40% of breaches and the remaining 27% of breaches were disclosed by the attackers, such as in a ransomware attack. However, those organizations that identified breaches internally saved on average $1 million compared to breaches disclosed by the attackers. Investments in security were led by IR planning and testing, employee training and threat detection and response tools. Although just 51% of organizations said they increased security investments after the breach, those that did increase investment focused on areas that were effective at containing data breach costs, for a significant ROI, according to the study. 50% of those organizations plan to invest in IR planning and testing; 46% in employee training; and 38% in threat detection and response tools such as a SIEM.

Next steps

There’s a lot more quality research in the Cost of a Data Breach Report, but the most valuable component is the security recommendations from IBM Security experts, based on findings from the report.

View our security recommendations on the report landing page, where you can also register to download the full report.

Finally, hear directly from our experts in a special webinar detailing the findings and offering security best practices. Sign up for the webinar on August 1, 2023.

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today