IBM published its 19th annual Cost of a Data Breach Report on Tuesday, revealing a 10% increase in global average data breach costs between 2023 and 2024, the largest year-over-year increase since the COVID-19 pandemic.
The average cost of a data breach reached $4.88 million in 2024, as cyberattacks became more disruptive, involved more data spread across multiple environments, and were exacerbated by severe staffing shortages.
On the bright side, AI-driven and automated security solutions and engagement with law enforcement increased the speed of recovery and decreased data breach costs for many organizations.
The IBM Cost of a Data Breach 2024 report is based on research conducted by the Ponemon Institute and includes data from 604 organizations that suffered a breach between March 2023 and February 2024.
Researchers also conducted interviews with 3,556 security and business leaders about data breaches at their organizations.
Staff shortages and ‘shadow data’ drive up breach costs
Cybersecurity staffing and budget shortages have haunted many organizations in recent years, and the lack of resources led to an average $1.76 million higher data breach cost at organizations with “high-level” shortages compared with organizations with low-level or no shortages. Overall, more than half of organizations studied faced high-level understaffing issues, a 26.2% increase from the previous year.
Another source of increased breach costs and slowed recovery times was difficult-to-track “shadow data” stored across multiple environments such as public and private clouds.
More than one-third of breaches studied involved this less visible data, and the cost of breaches involving shadow data was on average 16.2% higher than those without similar visibility issues. Breaches involving shadow data also took an average of 291 days to identify and contain, nearly 25% longer than other breaches.
Data visibility gaps across several environments contributed to a 27% increase in the theft of intellectual property (IP) over the past year, with the costs of stolen records rising 11% to $173 per record, according to IBM.
AI, automation and engagement with law enforcement improve breach outcomes
AI and automated security solutions continue to rise in popularity, with 67% of the organizations studied having deployed these solutions — nearly 10% more than the previous year. Organizations integrating AI and automation into their security systems saved an average of $1.88 million after a breach compared with organizations not using AI and automation, and recovered 98 days faster on average.
Overall, organizations benefited when a breach was detected by internal security systems or personnel, which shortened the length of data breaches by 61 days and saved organizations $1 million on average. By contrast, breaches first disclosed by the attacker, such as a ransomware group, had an average cost of $5.53 million — more than 13% higher than the average.
Organizations affected by ransomware had better outcomes when they engaged law enforcement, the report found, saving nearly $1 million on average. Only about 52% of organizations studied chose to involve law enforcement, but 63% of those that did managed to avoid paying a ransom.
Recommendations to lower data breach costs
Better data visibility, smart use of AI and automated security solutions and improved cyber response training can help organizations rein in the costs of cyberattacks, IBM concluded.
When managing multiple different cloud-based and on-premises data repositories, organizations should ensure they are keeping up-to-date inventories of their data storage and properly managing access to each of these repositories. Solutions such as data security posture management (DSPM) and identity access management (IAM) systems can help prevent “shadow data” compromise.
AI, including generative AI, can improve productivity and security, but can also pose a potential risk due to the expansion of an organization’s attack surface as it adopts more AI technologies. IBM recommended strategically implementing AI and automated solutions to improve detection capabilities while also employing clear policies and frameworks to deploy AI safely, especially avoiding “shadow AI” that can lead to further data exposure.
Finally, improved cyber response training that acknowledges the changing threat landscape — which includes increased attacks against cloud systems and AI applications — can better prepare organizations to prevent, detect and mediate attacks.
“By investing in response preparedness, organizations can help reduce the costly, disruptive effects of data breaches, support operational continuity and help preserve their relationships with customers, partners and other key stakeholders,” the report concluded. “Moreover, rehearsed response reassures employees and reduces stress, distress and friction internally as the acute stages of an attack are handled, controlled and communicated by a well-prepared leadership team.”