IBM: Data breach cost all-time high, but AI lessens impact

IBM's annual Cost of a Data Breach report
Organisations deploying security AI & automation extensively throughout security operations paid significantly less in data breach costs, IBM report says

The cost of data breaches has reached an all time high - an average of US$4.45m - according to annual research published by IBM.

Data breach costs continue to grow, according to IBM Security’s annual Cost of a Data Breach Report for 2023, reaching a record-high global average, representing a 15% increase over three years. The average figure is up from US$4.35m in last year's report.

While 95% of those surveyed said they have experienced more than one data breach, only 51% said they plan to increase their security investments. Global victims of ransomware attacks that chose not to involve law enforcement faced US$470,000 in extra costs, according to the report.

The role of AI and automation in preventing the impact of data breaches

According to the study, organisations that deployed security AI and automation extensively throughout security operations and within several different toolsets and capabilities – paid significantly less in data breach costs than organisations that did not use these technologies. 

Youtube Placeholder

Below are some of the top findings from the 2023 Cost of a Data Breach Report:

1. Security AI and automation, a DevSecOps approach, and incident response plans led the way in cost savings. Some of the most effective security tools and processes helped reduce average breach costs by millions of dollars, led by security AI and automation. Those that used security AI and automation extensively saved an average of US$1.76m compared to those that had limited or no use.

2. AI and ASM sped the identification and containment of breaches. Organisations with extensive use of security AI and automation detected and contained an incident on average 108 days faster than organisations that didn’t use security AI and automation. Additionally, ASMs, solutions that help organizations see the attacker’s point of view in finding security weaknesses, helped cut down response times by an average of 83 days compared to those without an ASM.

3. Costs were high and breaches took longer to contain when data was stored in multiple environments. Data stored in the cloud comprised 82% of all data breaches, with just 18% of breaches involving solely on-premises data storage. 39% of data breaches in the study involved data stored across multiple environments, which was costlier and more difficult to contain than other types of breaches. It took 292 days, or 15 days longer than the global average, to contain a breach across multiple environments. Data stored in multiple environments also contributed to about $750,000 more in average breach costs.

4. Organisations with internal teams that identified the breach fared much better at containing the cost. Just 33% of breaches in the study were identified by the organisation’s internal tools and teams, while neutral third parties such as law enforcement identified 40% of breaches and the remaining 27% of breaches were disclosed by the attackers, such as in a ransomware attack. However, those organizations that identified breaches internally saved on average US$1m compared to breaches disclosed by the attackers.

“With a 108-day average reduction in the breach lifecycle, security AI and automation may be the driving force needed to help defenders bridge the speed gap with attackers,” Martin Borrett, Technical Director of IBM Security UK & Ireland, said. 

As previously reported by our sister magazine Cyber Magazine, organisations may have already experienced a cyber breach without their knowledge. Vectra AI recently suggested that 71% of organisations may have experienced a data or cyber breach and not know about it, with a report stating that security technologies need to be updated.

The IBM report also found that stolen or compromised credentials was the most common entry point for cyber attackers at 13%. Malicious insiders were the most expensive initial attack vector (£3.9 million/US$5m), followed by business email compromise (£3.86 million/US$4.95m) and phishing (£3.85 million/US$4.94).

Globally, phishing attacks alone have risen by 464% since 2022 which stresses the urgency of combatting increased cyber attacks.


For more insights into the world of Technology - check out the latest edition of Technology Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - AI MagazineCyber Magazine.

Please also check out our upcoming event - Cloud and 5G LIVE on October 11 and 12 2023.


BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.


Featured Articles

AI Adoption Cited as Main Cause of Alphabet's Revenue Spike

Google’s parent company Alphabet reports a near-14% increase in its quarterly revenue, as a result of continued demand for its AI cloud computing services

Worldwide IT Outage: The Pressure on Cybersecurity Vendors

The global IT outage continues to cause disruption for major industries worldwide, highlighting the growing complexities of cloud computing environments

Unleashing the Full Potential of Enterprise IT Investments

Joe Baguley, CTO EMEA at Broadcom, shares his insights into how businesses can revitalise their IT investment strategies in order to boost innovations

Worldwide IT Outage: Industries Face Total Disruption

Enterprise IT

Apple Shares Surge: What This Means for AI Growth Efforts

AI & Machine Learning

Cloud vs AI: Why Enterprises Prioritise Data Management

Cloud & Cybersecurity