IBM’s annual 2024 Cost of a Data Breach report has revealed that the average cost of data breaches has reached an all-time high of $4.88 million, marking a 10% increase from the previous year.
The report, based on data from 604 organisations worldwide, underscores the increasing disruption caused by cyberattacks and the mounting pressure on cybersecurity teams.
The significant rise in data breach costs is primarily attributed to lost business and the expenses incurred in post-breach customer and third-party responses. As data breaches become more disruptive, recovery times have also lengthened, with some incidents taking over 100 days to resolve. Over the past six years, the combined cost of lost business and post-breach activities has reached $2.8 million.
Challenges of Multi-Environment Data Storage
The report highlights that storing data across multiple environments—such as public cloud, on-premises, and private cloud—increases vulnerability, with 40% of breaches involving such setups. In contrast, breaches are less frequent in organisations that confine their data to a single environment. Additionally, shadow data—unregulated or unnoticed data—was a factor in one-third of all breaches, reflecting the challenges of tracking and safeguarding the rapidly growing volume of data.
The report found that 46% of data breaches involved the compromise of personally identifiable information (PII), including emails, phone numbers, and home addresses. There was also a significant 43% increase in breaches affecting intellectual property (IP) records compared to 2023. The cost per compromised record has risen to $173 in 2024, up from $156 the previous year.
Phishing and social engineering attacks, which exploit employee access, were particularly persistent, taking an average of 261 and 251 days, respectively, to resolve. Malicious attacks by external threat actors or criminal insiders accounted for 55% of all breaches, while IT failures and human error were responsible for 23% and 22% of incidents, respectively.
Understaffed Security Teams Amplify Costs
Staffing shortages within cybersecurity teams have exacerbated the impact of data breaches, with organisations experiencing an additional $1.76 million in breach costs due to understaffing. The skills gap in cybersecurity has grown by 26% compared to 2023, further straining companies’ abilities to respond to cyber threats effectively.
Despite the increasing adoption of Generative AI (GenAI) security tools, which aim to enhance productivity and efficiency, the skills shortage remains a significant challenge. Analyst firm IDC predicts that by 2026, over 90% of organisations will be affected by the IT skills crisis, leading to potential losses of $5.5 trillion due to product delays, reduced competitiveness, and lost business.
Over the past year, two-thirds of organisations have implemented AI security solutions and automation tools, representing a notable shift in the industry. Organisations using AI and automation in their security prevention efforts have seen a significant reduction in breach costs—up to $2.2 million less than those not using AI. Employee training, combined with AI and machine learning insights, has emerged as one of the most effective strategies for mitigating breach costs.
However, the implementation and management of these advanced technologies can be challenging, particularly for companies with limited IT resources. The growing complexity of cybersecurity, driven by the expanding use of Internet of Things (IoT) devices, Software as a Service (SaaS) applications, and GenAI models, has broadened the attack surface, putting additional pressure on cybersecurity teams.
The Role of Third-Party IT Consultants
For organisations with small or overstretched IT teams, identifying, implementing, and managing AI and automated security solutions can be daunting. Many are turning to third-party IT consultancies for expertise in advising, implementing, and managing comprehensive cybersecurity defences. These consultants can provide continuous monitoring and a holistic view of an organisation’s security posture, helping to identify and address vulnerabilities before they are exploited by cybercriminals.
With the average cost of a data breach reaching $4.88 million, and internal IT teams already under significant strain, organisations must consider external support to supplement their cybersecurity efforts. Third-party IT consultants can offer a 360-degree, 24/7 overview of an organisation’s security landscape, enabling proactive defence measures and reducing the risk of costly breaches.
As data breaches continue to be lucrative for cybercriminals, it is crucial for organisations to stay ahead of potential attacks. Leveraging AI, automation, and threat intelligence, along with the support of specialised IT consultants, can help businesses effectively prevent, detect, and respond to cyber threats in an increasingly complex digital landscape.