According to the IBM Data Breach Report, the global average cost of a data breach rose to $4.45 million in 2023

August 15, 2023

The global average cost of a data breach rose to $4.45 million in 2023, a $100,000 (2.3%) increase over the previous year's average of $4.35 million. This is a 15.3% increase since 2020, when the average total cost was $3.86 million, according to the 2023 IBM data breach report.

The average cost per record involved in a data breach was $165 in 2023, slightly up from $164 in 2022. Notable increases in average per-record costs occurred between 2020 and 2021, rising from $146 to $161 (10.3%). The study focused on breaches involving 2,200 to 102,000 records. Japan moved up to the top five most expensive countries for data breaches, while the United Kingdom experienced a significant cost drop, placing just outside the top five. The United States had the highest average total cost at $9.48 million, followed by the Middle East at $8.07 million.

In terms of specific countries, the average total cost of a data breach decreased in Canada by 9%, in Germany by 3.7%, and slightly in Japan by 1.1%.

For the 13th consecutive year, healthcare continued to have the highest data breach costs, increasing from $10.10 million in 2022 to $10.93 million in 2023, showing an 8.2% increase. The healthcare sector's breach costs have grown by 53.3% over the past three years, driven by factors such as industry regulation and its status as critical infrastructure, particularly during the COVID-19 pandemic.

The industries with the highest breach costs saw changes, with technology dropping out of the top five and the industrial sector entering with a 5.8% increase. Manufacturing was identified as the industry most frequently targeted by cybercriminals according to IBM threat intelligence.

The mean times to identify and contain breaches remained relatively stable. The mean time to identify a breach decreased slightly from 207 days in 2022 to 204 days in 2023, while the mean time to contain a breach increased from 70 days in 2022 to 73 days in 2023. The highest mean times for both identifying and containing breaches occurred in 2021, at 212 and 75 days, respectively.

The report provides detailed insights into data breaches in 2023, highlighting the following key points:

Costliest and Most Common Record Compromised: Customer and employee personally identifiable information (PII) were the most expensive and most common types of records compromised. In 2023, compromised customer PII, such as names and Social Security numbers, cost organizations $183 per record, followed closely by employee PII at $181 per record. Anonymized customer data was the least expensive type, costing $138 per record.

Common Breach Types: Customer PII remained the most frequently compromised record type, making up 52% of all breaches, a 5% increase from 2022. Employee PII was the second most compromised record type, accounting for 40% of breaches, a significant increase from its 26% share in 2021. Compromised intellectual property increased by 3% from 2022, while anonymized data dropped 7%. Other corporate data, such as financial information and client lists, increased from 15% in 2022 to 21% in 2023.

Initial Attack Vectors: Phishing and stolen or compromised credentials were the most common initial attack vectors, contributing to 16% and 15% of breaches, respectively. Phishing surpassed stolen credentials as the most common vector. Cloud misconfiguration initiated 11% of attacks, followed by business email compromise at 9%. For the first time, the report examined both zero-day and known, unpatched vulnerabilities as sources of breaches, revealing that over 5% of breaches originated from unpatched vulnerabilities.

Costly Attack Vectors: Malicious insiders initiated only 6% of attacks but were the most expensive, costing an average of $4.90 million per breach, 9.6% higher than the global average of $4.45 million. Phishing was the second most expensive vector at $4.76 million, while breaches due to system errors were the least expensive at an average of $3.96 million.

Time to Resolve Breaches: Breaches initiated by stolen or compromised credentials and malicious insiders took the longest to resolve, requiring nearly 11 months (328 days) and about 10 months (308 days), respectively. These vectors were also responsible for the costliest breaches. The overall mean time to identify and contain a breach was 277 days or just over nine months.

Identification of Breaches: 40% of breaches were identified by third parties, while 33% were discovered by internal teams and tools. Additionally, 27% of breaches were disclosed by attackers as part of ransomware attacks.

Impact of Attack Disclosures: Breaches disclosed by attackers had an average cost of $5.23 million, which was $930,000 more than breaches identified through internal security teams or tools. These breaches also cost 16.1% or $780,000 more than the global average cost of a breach in 2023.

Cost Amplifiers: The report analyzed 27 cost amplifiers. The highest impact factors were security skills shortage, security system complexity, and noncompliance with regulations. Organizations with high levels of these factors had significantly higher average breach costs compared to the global average.

The report also identified the three most impactful cost mitigators among the 27 factors analyzed:

DevSecOps Approach: Organizations that adopted a DevSecOps (Development-Security-Operations) approach experienced significantly lower breach costs. Comparing organizations with high levels of DevSecOps adoption to those with low usage, the average cost difference was $1.68 million or 38.4%. High-level DevSecOps adopters had an average breach cost of $3.54 million, which was $910,000 or 22.8% lower than the overall average cost. In contrast, organizations with low DevSecOps adoption had an average cost of $5.22 million, a significant increase of $770,000 or 15.9% compared to the average.

Incident Response (IR) Planning and Testing: Organizations with comprehensive IR planning and testing had notably lower breach costs. Comparing those with high levels of IR planning and testing to those with little to no preparation, there was a cost difference of $1.49 million or 34.1%. The former had an average breach cost of $2.89 million, $1.49 million lower than the overall average cost.

Employee Training: High levels of employee training had a positive impact on reducing breach costs. Organizations with substantial employee training saw a cost difference of $1.5 million or 33.9% when compared to those with lower levels. The former had an average cost of $2.95 million, which was $1.5 million or 33.9% lower than the global average cost.

The IBM 2023 Data Breach Report highlights significant insights regarding ransomware and destructive attacks:

Prevalence of Ransomware and Destructive Attacks: In 2023, ransomware and destructive attacks accounted for a substantial portion of malicious attacks, representing 24% and 25% of such attacks, respectively. The report analyzed the lifecycle of these breaches and examined the implications of paying ransoms compared to not paying. The cost of the ransom was excluded from calculating the overall breach cost.

Attack Distribution: Destructive attacks causing system inoperability constituted 25% of attacks, while another 24% involved ransomware. Business partner attacks contributed to 15% of incidents, and software supply chain attacks made up 12% of the total.

Increased Ransomware Attack Costs: The average cost of a ransomware attack in 2023 was $5.13 million, reflecting a 13% increase from the 2022 average of $4.54 million. Similarly, the average cost of a destructive attack in 2023 was $5.24 million, marking a 2.3% increase from the 2022 average of $5.12 million.

Effect of Automated Response Playbooks: Organizations equipped with automated response playbooks or workflows designed for ransomware attacks could contain such breaches in 68 days, 16% faster than the 80-day average for organizations without such systems.

Impact of Paying Ransoms: Paying ransoms during a ransomware attack resulted in minimal cost savings. Organizations that paid the ransom experienced only a slight difference in total cost ($5.06 million) compared to those that did not pay ($5.17 million), representing a 2.2% cost difference. However, this calculation excluded the ransom amount itself. Given the high cost of ransoms, paying often led to higher overall expenses. The data showed that paying ransoms has become progressively less advantageous, with an 82.5% decrease in savings between the 2022 and 2023 reports.

The 2023 Data Breach Report by IBM provides detailed insights into data breaches:

Breach Location and Impact: 39% of breaches involved data stored across multiple environments, while 27% involved data stored in the public cloud. The number of breaches across multiple environments surpassed the combined percentage of breaches occurring only in private cloud or on-premises environments. Data breaches across multiple environments had the highest cost, reaching $4.75 million, which was 17.6% higher than breaches in a private cloud environment ($3.98 million) and exceeded the average cost of a data breach ($4.45 million) by 6.5%.

Breach Lifecycle and Environment: Data breaches across multiple environments had longer lifecycles, taking 291 days to identify and contain. This exceeded the shortest lifecycle, that of breaches in a private cloud environment (235 days), by 56 days (21.3%). Multi-environment breaches also exceeded the reported average time to identify and contain a breach (277 days) by 14 days (4.9%).

Post-Breach Security Investment: Despite the increasing global cost of data breaches, organizations' responses were divided regarding increased security investments after a breach. 51% of respondents indicated they planned to invest more in security after an incident. The most common investment after a breach was in Incident Response (IR) planning and testing, with 50% of organizations increasing spending. Employee training closely followed, with 46% of organizations investing more in this area. Threat detection and response technologies ranked third at 38%. Notably, these top investments align with factors associated with lower data breach costs. Insurance protection was the least common post-breach investment, chosen by only 18% of respondents.

The report delves into processes and tools that have proven effective in reducing the impact of data breaches:

Incident Response (IR) Strategies: Combining the formation of an IR team with testing the IR plan significantly reduced the duration of a data breach. Organizations that used both strategies had a breach identification and containment time of 252 days, compared to 306 days for organizations that used neither approach. Testing the IR plan alone reduced the breach lifecycle by 48 days (17%).

Threat Intelligence: Organizations using threat intelligence identified breaches 13.9% faster than those without, representing a 28-day difference. Threat intelligence users identified breaches 8.2% faster than the global mean time to identify (204 days), while non-users took 5.7% longer.

Vulnerability and Risk Management: Proactive risk-based vulnerability management, including vulnerability testing, penetration testing, and red teaming, led to lower data breach costs compared to relying solely on CVE scores. Organizations prioritizing risk-based analysis had a lower average breach cost of $3.98 million (18.3% lower) compared to those relying on CVE scores ($4.78 million).

Attack Surface Management (ASM): Organizations deploying an ASM solution identified and contained data breaches 75% faster than those without. With ASM, the total time to identify and contain a breach was reduced by 83 days (about 12 weeks), with breaches identified and contained in 254 days.

Managed Security Service Providers (MSSPs): Partnering with MSSPs led to a 21% shorter breach lifecycle compared to organizations without MSSP assistance. Organizations with an MSSP identified breaches 8.2% faster (16 days) and contained them 14.7% faster (10 days) compared to the reported global averages.

The report presents a set of detailed recommendations to help organizations reduce the impact and cost of data breaches:

1. Build Security into Software Development and Deployment:

  • Adopt a DevSecOps approach to integrate security into every stage of software development and deployment.
  • Apply secure by design and secure by default principles to ensure security is a core consideration from the outset.
  • Regularly test applications through penetration testing to identify and address vulnerabilities before they lead to breaches.

2. Modernize Data Protection across Hybrid Cloud:

  • Focus on gaining visibility and control over data spread across hybrid cloud environments.
  • Prioritize strong encryption, data security, and data access policies.
  • Utilize data security technologies that work across various platforms and services.

3. Use Security AI and Automation:

  • Embrace security-focused AI and automation technologies to enhance speed, accuracy, and efficiency.
  • Embed AI and automation throughout threat detection and response tools to detect and contextualize threats effectively.
  • Leverage AI-driven data security and identity solutions for proactive security measures.

4. Strengthen Resiliency through Attack Surface Knowledge and IR Practices:

  • Gain a thorough understanding of your organization's attack surface and vulnerabilities.
  • Prioritize IR planning and testing, including tabletop exercises and simulations.
  • Form a dedicated IR team and regularly test IR plans to ensure swift and effective response.
  • Consider having an IR vendor on retainer to accelerate breach response efforts.
  • Implement network segmentation practices to limit the spread of attacks and reduce damage.

The report emphasizes the importance of implementing security processes and procedures to prevent and mitigate data breach risks.

The BitsProof security professional services team offers an extensive array of benefits dedicated to minimizing and preventing potential data breaches. With a team of experts boasting specialized expertise, extensive experience, and up-to-date insights into evolving cyber threats, BitsProof is capable of swiftly enhancing incident response, delivering threat intelligence, harnessing advanced tools, and establishing proactive risk management strategies.

By proactively partnering with BitsProof, companies can significantly improve their breach prevention and mitigation efforts. The potential for substantial cost savings through these measures underscores the immense value of such a partnership in contrast to the complexities and costs associated with handling an actual breach.
