IBM has released its annual Cost of a Data Breach report, revealing that data breach costs have increased 10% from last year – the largest jump since the pandemic – reaching a global average cost of $4.88 million per breach in 2024.
For the U.S., the news is worse, as they lead the world in the highest average cost of a breach for the 14th year in a row, hitting almost $9.4 million per breach.
The demands of breaches highlighted in the report show cyber teams struggling to keep afloat, with 70% of breached organizations reporting significant or very significant disruption. This includes increased costs, extended recovery time and expanded security measures – costs that are being passed on to customers.
“Businesses are caught in a continuous cycle of breaches, containment and fallout response. This cycle now often includes investments in strengthening security defenses and passing breach expenses on to consumers – making security the new cost of doing business,” said Kevin Skapinetz, Vice President, Strategy and Product Design, IBM Security.
Additional key findings from the report include:
- The average breach cost for healthcare fell 10.6% ($10.97M in 2023), to USD 9.77 million, but still tops the list for costliest breaches by industry.
- When organizations suffered from a high-level shortage of security skills, average breach costs were USD 5.74 million, compared to organizations with a low-level skills shortage, with USD 3.98 million.
- Customer personally identifiable information (PII) was the most commonly compromised data, accounting for 46% of breaches.
- Compromised credentials were the most common attack vector, costing $4.81M per breach, while taking the longest to contain (292 days).
- More organizations stated that they are planning to increase security budgets compared to last year (63% vs. 51%).
- Data visibility gaps have caused a rise (27%) in intellectual property (IP) theft. Costs associated with these stolen records also jumped nearly 11% from the prior year to $173 per record.
- 63% of the breached organizations within the report plan to increase their cost of goods or services– a slight increase from last year (57%).
- 40% of breaches involved data stored across multiple environments, and over 1/3 of breaches involved shadow data (data stored in unmanaged data sources).
The report highlighted the growing challenge with tracking and safeguarding data and stressed the importance for organizations to know their information landscape.
Most organizations distribute data across multiple environments, including on-premises data repositories, private clouds and public clouds. However, many organizations have incomplete or out-of-date data inventories, delaying efforts to discover what data has been breached and how sensitive or confidential it is. These delays can complicate the response and raise the cost of a breach. – page 34
IBM recommends that security teams should ensure they have comprehensive visibility into all these environments, so they can continuously monitor and protect data regardless of where it resides.
Regardless of where the data resides – in transit or at rest – Bluefin helps you process, defend, and devalue sensitive PII and payment data, protecting you and your customers when breaches happen.
Read IBM’s report and contact Bluefin to learn about their solutions to safeguard data.