August 13, 2024 By Doug Bonderud 3 min read

According to the IBM Cost of a Data Breach 2024 report, the average global breach cost has reached $4.88 million — a significant increase over last year’s $4.45 million and the biggest jump since the pandemic.

For financial industry enterprises, costs are even higher. Companies now spend $6.08 million dealing with data breaches, which is 22% higher than the global average.

Here’s what financial organizations need to know about this year’s Cost of a Data Breach report.

2024 at a glance: Time-consuming and costly

Financial firms had the second highest breach cost of any industry; only healthcare attacks were more expensive. Both healthcare and finance saw the same costs for large-scale breaches: When 50 million records or more were compromised, average costs skyrocketed to $375 million.

Malicious attacks remained the top attack vector in finance, at 51%, but IT failures and human error accounted for one-fourth of all attacks, coming in at 25% and 24%, respectively.

In terms of detection time, financial industry organizations took an average of 168 days to identify and 51 days to contain a breach. While this is lower than the global average of 194 days to identify and 64 days to contain, it’s still a significant period of time.

Consider that 168 days works out to just under six months. That’s six months of attackers infiltrating systems, carrying out reconnaissance and compromising accounts.

Read the report

Tracking data breach trends over time

Simply put, costs are going up.

In 2021, the average cost of a data breach for financial firms was $5.72 million. By 2022, it reached $5.97 million and remained stable at $5.9 million for 2023. This year saw a 3% jump in average breach costs, plus a $40-million bump in the cost of 50-million-plus record breaches.

But it’s not all bad news. Detection times are nine days shorter, and containment times are five days faster. In addition, 2024 saw a significant reduction in human error. As noted above, 24% of breach root causes this year were tied to accidental activity. In 2023, meanwhile, this number was 33%.

Where financial firms are investing in security — and how it can help

To help reduce the risk of data breaches, finance firms are spending more on incident response (IR) and identity and access management (IAM). Reduced costs make the impact clear: Companies with IR teams and robust security testing save $248,000 per year on average, while those with IAM solutions save up to $223,000 each year.

The biggest success stories for financial IT investment, however, are AI and automation. According to study data, firms that use AI and automation save an average of $1.9 million compared to those that don’t.

It’s worth noting, however, that just 24% of generative AI initiatives are secured. As a result, it’s critical for financial firms to develop security frameworks for these tools or run the risk of AI becoming an additional threat vector.

The role of regulation in financial security

Both investment and intelligent security management are critical for finance firms, given the scrutiny they face from regulatory agencies and the large number of compliance regulations they need to navigate.

For example, while firms are familiar with anti-money laundering (AML) rules under the Bank Secrecy Act (BSA) and the segregation of duties required by the Sarbanes-Oxley Act, they may encounter challenges with more regional regulations such as CCPR, GDPR and the LGPD. For example, under GDPR, financial organizations could face fines of up to 2% of the previous year’s revenue or 4% if they have already been penalized for a first offense.

Put simply? The costs of a data breach for financial firms go beyond detection, removal and remediation. Delays in finding and eliminating threats can lead to additional regulatory costs that may outpace initial expenses.

As the Cost of a Data Breach 2024 report shows, however, robust investment in IR, IAM and AI can help companies shore up defenses and keep costs down.

More from Data Protection

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today