IBM Report: average cost of a data breach rises to $4.45 million


The annual 'Cost of a Data Breach' report also provides recommendations on how to prevent and mitigate data breaches.

Published on 27th July 2023

Data breach costs rose to $4.45 million per incident in 2023, IBM found in its annual Cost of a Data Breach report. Customer and employee personally identifiable information was the most commonly breached type of data in 2023 and was involved in 52% of all breaches reported.

Average data breach cost rose to $4.45 million per incident

Data breach costs rose to $4.45 million per incident in 2023, up 2.3% from $4.35 million in 2022. Overall, the average cost has increased 15.3% from the $3.86 million average in 2020.

In addition, one in three companies discovered a data breach themselves, as opposed to 67% of breaches reported by a third party or by the attackers.

Last year, IBM saw detection and escalation costs increase, indicating that it was taking longer to investigate breaches. On average, it took 277 days for organizations to detect a breach and return to normal service. This trend has continued in 2023, with the costs of detection and evaluation rising 9.7% to $1.58 million. Lost business cost dropped the most, by 8.5% to $1.30 million.

Cost was calculated using four areas of financial impact:

In the U.S., the average cost of a data breach was $9.48 million, which was the highest globally. The U.K. saw a 16.6% drop in cost from $5.05 million to $4.21 million.

Cloud data is involved in most breaches

The way in which an organization distributed data across its cloud environments was found to make a difference: 82% of breaches involved data stored in public, private or a combination of multiple clouds. In 39% of cases, breaches crossed multiple cloud environments and ran a higher-than-average penalty of $4.75 million.

Trickle-down costs decrease slightly

Customers may feel the impact of data breaches. A slight majority (57%) of organizations increased the prices of their business offerings after a data breach — down slightly from 60% in 2022.

How business leaders can avoid data breaches

IBM recommended the following tips for business leaders trying to prevent data breaches.

Build security into all stages of development

Business leaders should keep in mind the importance of providing resources to help developers work under secure-by-design principles, making sure security comes into play in the initial design phase of major technology changes.

App developers who build cloud-native applications can reduce attack surfaces and bolster user privacy in the cloud. Building security into applications during development will also help organizations keep up to date with regulations, IBM said.

Keep an eye on your hybrid cloud

Organizations should be sure they have strong encryption, data security and data access policies when storing data across multicloud and hybrid cloud environments. Organizations would be well-served by looking into data security and compliance tools that can protect data as it moves.

In addition, data activity-monitoring solutions can help security teams gain insight into their data stores and enforce policies automatically. IBM recommended data security posture management, which is a newer service that can identify vulnerable data across structured and unstructured assets within cloud service providers, software-as-a-service properties and data lakes.

Consider how AI and automation make a difference

AI is trendy right now, but it has proven itself in the numbers, IBM found. Companies using extensive security AI and automation were found to have a $1.76 million lower data breach cost on average, as well as a 108-day shorter time to identify and contain the breach.

Security tool sets that can benefit from AI and automation include:

IBM also noted that it’s important to use a trusted service that will not introduce bias or blind spots.

“It’s crucial to ensure that the data used to train the AI models is widely diverse and void of bias–that the models are transparent, explainable, and free from drift; and that they are trained continuously–the same way continuous learning is essential for humans,” said Sridhar Muppidi, CTO, IBM Security, in an email to TechRepublic. He pointed out three important elements to keep in mind when choosing an AI-enhanced or automated security solution:

Generative AI in particular is too new for anyone to be certain what the impact on security will be overall, Muppidi said. However, he anticipates it is “poised to give a substantial edge to our ability to detect accurately and respond faster to breaches.”

“When you look at the mean time to detect and contain a data breach, [generative] AI will become a force multiplier for both stages, to optimize threat operations and analyst’s time,” he said.

Focus on incident response

A dedicated incident response team or partner can make a big difference. Organizations with mature, high levels of incident response had on average $1.49 million lower data breach costs, compared to organizations with low levels or none, and resolved incidents 54 days faster.

For an added layer of security, network segmentation complements diligent incident response well. Incident response can also be boosted by training security teams on simulated breach scenarios or penetration testing.

51% of survey respondents said they planned to increase security investments after a breach. Incident response, planning and testing, employee training, and threat detection and response technologies were the most desirable areas for additional investment.

