The latest edition of IBM’s annual “Cost of a Data Breach” report was recently published. As in previous years, the Ponemon Institute was responsible for collecting the data for the report, which shows that a data breach currently costs companies USD 4.88 million on average.
This represents an increase of more than ten percent over the previous year and the biggest rise since the COVID-19 pandemic. The spike is largely due to increased costs of USD 2.8 million for lost business and post-breach activities, the highest combined amount recorded over the past six years.
Malicious insider attacks proved even more costly, averaging USD 4.99 million. Other attack vectors for which companies faced eye-watering costs included attacks targeting corporate emails (business email compromise, or BEC), phishing, social engineering and stolen or compromised credentials. When it comes to phishing, gen AI is increasingly becoming a problem, as it makes it easier for non-native speakers to also produce grammatically correct and plausible phishing messages.
Lasting an average of 292 days, breaches involving stolen credentials took the longest to identify and contain. A similar length of time was required to resolve attacks using similar attack vectors which focused on taking advantage of employees and their credentials. Phishing attacks, for instance, lasted 261 days on average, while social engineering attacks took 257.
Considering verticals, the industrial sector suffered the biggest increase in costs, rising by USD 830,000 per breach on average compared with the previous year. Moreover, the time taken to identify a breach (199 days) and the time needed to contain it (73 days) was higher at industrial organizations than the median across sectors.
Almost half of all data breaches (46%) involved customer personal identifiable information (PII) such as email or home addresses, phone numbers and tax ID numbers. Intellectual property (IP) records were not far behind at 43%. Compared with the previous year, the costs for IP breaches rose substantially from USD 156 to USD 173 per stolen record.
More than a third of the data breaches registered (35%) involved so-called shadow data. Researchers found that this correlated to a 16% higher cost for a breach. According to the market researchers, storing data across a variety of environments is a common strategy and accounts for 40% of breaches. Like the theft of “shadow data”, these breaches took longer to identify and were more difficult to contain. Data stored in just one type of environment was found to be breached less often.
More than half of the companies surveyed by Ponemon complained of a critical shortage of skilled security staff, an increase of 26.2% compared with 2023. This corresponded to an additional USD 1.76 million in costs for data breaches on average.
Click here to register and download the full “Cost of a Data Breach Report 2024”.
Find out more about Retarus’ Secure Email Platform on our website or directly from your local Retarus representative.
