Data breach costs continue to grow, according to new research, reaching a record-high global average of $4.45 million, representing a 15% increase over three years. Costs in the healthcare industry continued to top the charts, as the most expensive industry for the 13th year in a row. Yet as breach costs continue to climb, the research points to new opportunities for containing breach costs.

The research, conducted independently by Ponemon Institute and analyzed and published by IBM Security, constitutes the 18th annual Cost of a Data Breach Report. A leading benchmark study in the security industry, the report is designed to help IT, risk management and security leaders identify gaps in their security posture and discover what measures are most successful at minimizing the financial and reputation damages of a costly data breach.

The 2023 edition of the report draws analysis from a collection of real-world data breaches at 553 organizations, with thousands of individuals interviewed and hundreds of cost factors analyzed to create the conclusions in the report. (The breaches studied occurred between March 2022 and March 2023, so mentions of years in this post refer to the year of the study not necessarily the year of the breach.)

Explore the report

Top findings from the Cost of a Data Breach report

Below are some of the top findings from the 2023 Cost of a Data Breach Report.

1. Security AI and automation, a DevSecOps approach, and incident response (IR) plans led the way in cost savings. Some of the most effective security tools and processes helped reduce average breach costs by millions of dollars, led by security AI and automation. Those that used security AI and automation extensively saved an average of $1.76 million compared to those that had limited or no use. Meanwhile, organizations in the study that had robust approaches to proactive security planning and processes also reaped large benefits. A high-level use of a DevSecOps approach (a methodology for integrating security in the software development cycle) saved organizations an average of $1.68 million. And a high-level use of incident response (IR) planning and testing of the IR plan was also advantageous, leading to reduced costs of $1.49 million on average.

2. AI and ASM sped the identification and containment of breaches. Organizations with extensive use of security AI and automation detected and contained an incident on average 108 days faster than organizations that didn’t use security AI and automation. Additionally, ASMs, solutions that help organizations see the attacker’s point of view in finding security weaknesses, helped cut down response times by an average of 83 days compared to those without an ASM.

3. Costs were high and breaches took longer to contain when data was stored in multiple environments. Data stored in the cloud comprised 82% of all data breaches, with just 18% of breaches involving solely on-premises data storage. 39% of data breaches in the study involved data stored across multiple environments, which was costlier and more difficult to contain than other types of breaches. It took 292 days, or 15 days longer than the global average, to contain a breach across multiple environments. Data stored in multiple environments also contributed to about $750,000 more in average breach costs.

4. Organizations with internal teams that identified the breach fared much better at containing the cost. Just 33% of breaches in the study were identified by the organization’s internal tools and teams, while neutral third parties such as law enforcement identified 40% of breaches and the remaining 27% of breaches were disclosed by the attackers, such as in a ransomware attack. However, those organizations that identified breaches internally saved on average $1 million compared to breaches disclosed by the attackers. Investments in security were led by IR planning and testing, employee training and threat detection and response tools. Although just 51% of organizations said they increased security investments after the breach, those that did increase investment focused on areas that were effective at containing data breach costs, for a significant ROI, according to the study. 50% of those organizations plan to invest in IR planning and testing; 46% in employee training; and 38% in threat detection and response tools such as a SIEM.

Next steps

There’s a lot more quality research in the Cost of a Data Breach Report, but the most valuable component is the security recommendations from IBM Security experts, based on findings from the report.

View our security recommendations on the report landing page, where you can also register to download the full report.

Finally, hear directly from our experts in a special webinar detailing the findings and offering security best practices. Sign up for the webinar on August 1, 2023.

More from Intelligence & Analytics

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today