Executive Summary
The “Cost of a Data Breach Report 2023” is an annual report by IBM Security. The report provides organisations with valuable insights into the financial and operational impacts of data breaches. By quantifying the costs associated with breaches, organisations can make informed decisions about their security strategies.
The research was conducted by the Ponemon Institute in 2023 and was sponsored, analysed, and published by IBM Security. The 2023 report analysed 553 breaches across 16 countries and 17 industries that occurred between March 2022 and March 2023. Among its key findings, the average cost of a data breach reached a record high of $4.45 million in 2023, representing a 2.3% increase from 2022 and a 15.3% increase from 2020.
We recommend decision makers delve into the full report. The report could help you gain a comprehensive understanding of the financial and operational implications of data breaches. You can then leverage these insights to enhance your organisation’s security strategies.
Please find below the key findings of the report.
Consequences
- Average Total Cost of a Breach: In 2023, the average cost of a data breach reached an all-time high of USD 4.45 million, marking a 2.3% increase from 2022 and a 15.3% increase from 2020.
- Lost Business Costs: Lost business costs decreased to USD 1.30 million in 2023, while detection and escalation costs rose to USD 1.58 million.
- Increased Costs of Services and Products: 57% of organisations reported that data breaches led to an increase in the pricing of their business offerings.
- Types of Records Compromised: Customer PII was the most commonly compromised and the costliest record type, with an average cost of USD 183 per record.
Preparedness
- Impact of Security AI and Automation: Organisations utilising security AI and automation extensively reported, on average, 108 days shorter breach identification and containment times and USD 1.76 million lower data breach costs compared to those not using these capabilities.
- DevSecOps Adoption: High levels of DevSecOps adoption led to cost savings of USD 1.68 million compared to organisations with low or no adoption.
- Incident Response (IR) Planning and Testing: Organisations with high levels of IR planning and testing saved USD 1.49 million compared to those with low levels.
- Security System Complexity: High levels of security system complexity resulted in an average data breach cost of USD 5.28 million, a 31.6% increase.
Identification & Response
- Breach Identification: Only one-third of companies detected breaches through their internal security teams, while the rest were reported by external parties or attackers. Data breaches that were disclosed by attackers were the most costly, taking longer to identify and contain. They cost nearly USD 1 million more than those detected internally.
- Initial Attack Vectors: Phishing and stolen or compromised credentials were the most prevalent attack vectors. On the other hand, attacks initiated by malicious insiders were the costliest.
- Ransomware Attacks and Law Enforcement Involvement: Organisations that did not involve law enforcement in ransomware attacks experienced additional costs of USD 470,000 and a 33-day longer breach lifecycle.
- Breach Lifecycle: Breaches that were identified and contained in less than 200 days cost USD 3.93 million on average, compared to USD 4.95 million for those taking longer than 200 days, indicating a significant cost difference.
- Mean Times to Identify and Contain Breaches: The mean times to identify and contain breaches saw only marginal changes from 2022, with 204 days to identify and 73 days to contain breaches in 2023.
- Resolution Time for Different Attack Vectors: Breaches resulting from stolen or compromised credentials and those initiated by malicious insiders took the longest to resolve, averaging nearly 11 months and 10 months, respectively.
Key Targets
- Cost of a Data Breach by Industry: Since 2020, data breach costs in the healthcare industry have increased by 53.3%, with an average cost of USD 10.93 million in 2023. Please see below the top 5 industry data breach costs in 2023 and 2022:
- Cloud Breaches: 82% of breaches involved data stored in the cloud. Furthermore, breaches spanning multiple environments incurred an average cost of USD 4.75 million.
- Cost of a Data Breach by Country: The United States had the highest average total cost of a data breach at USD 9.48 million.
- Impact on Small Organisations: Smaller organisations with 5000 or fewer employees saw significant increases in average data breach costs.
Closing Comments
The “Cost of a Data Breach Report 2023” is helpful for organisations to plan their cybersecurity strategy and tactics effectively. As we can clearly see in the report findings, cybersecurity incidents are costly to the impacted organisations. Moreover, intangible losses like reputation damage could amplify the overall impact.
Obviously, preparedness and reducing attack surfaces lead to more efficient incident responses. Small organisations, in particular, should note the increasing risks and costs of breaches, as they are becoming more frequent targets with potentially severe consequences.