chat
expand_more

$4.45 Million: The Cost of a Data Breach in 2023, Says IBM

IBM's Cost of a Data Breach Report 2023 says the global average data breach cost in 2023 was $4.45 million. Protect yourself with Abnormal Security for cloud email.
July 27, 2023

IBM released its hotly anticipated 2023 Cost of a Data Breach Report surveying 553 organizations that experienced a data breach from March 2022 to March 2023. This report is extensive, with participating companies from 16 countries or regions across 17 industries.

Here are a few key findings:

  • The global average data breach cost in 2023 was $4.45 million, a 15% increase over 3 years.

  • In response to a breach, 51% of organizations plan to increase security investments including incident response planning and testing, employee training, and threat detection tools.

  • Only one in three companies discovered the data breach through their own security teams. The remaining 67% were reported by benign third parties or attackers.

  • Breaches discovered from outside the organization cost companies nearly $1 million more compared to internal detection.

If this sounds dire, it is. The frequency and cost of cyberattacks are on the rise.

IBM Report1

Cost of a Data Breach Report 2023

But it’s not all bad news. The report finds that organizations extensively investing in security AI and automation enjoyed an average savings of $1.76 million compared to organizations that didn’t.

The takeaway is clear: The more organizations invest in security technologies that reduce manual workloads and automate crucial processes such as threat detection, the better. Let’s examine some of the costly specifics of data breaches and what organizations can do to better protect themselves.

What Makes a Data Breach So Costly?

There are several reasons why data breaches are so financially damaging, including—costs of remediation, legal and regulatory fines, potential lawsuits and settlements, loss of proprietary information, and disruption of normal business operations.

In addition, the longer the breach goes undetected, the larger the fallout. Companies that discovered the compromise within 200 days lost $3.93 million compared to companies that identified the issue after 200 days with $4.95 million.

Organizations using security AI and automation identified and contained breaches 108 days faster than their peers without these tools, resulting in reduced costs to address the issue. On average, it took 204 days to identify a data breach and another 73 days to contain it in 2023—nearly a full year to detect, investigate, and remediate one of the most damaging security events an organization can experience.

The impacts of a data breach are not evenly distributed across industries. Healthcare is far and away the most impacted sector with $10.93 million in losses in 2023, followed by the financial ($5.90 million), pharmaceutical ($4.82 million), energy ($4.78 million), and industrial ($4.73 million) industries. According to IBM's threat intelligence, manufacturing is the most commonly targeted industry. It is also worth noting that since the COVID-19 pandemic, healthcare has seen higher average data breach costs.

Smaller organizations with fewer than 500 employees suffered higher data breach costs in 2023 ($3.31 million) than in the previous two years ($2.92 and $2.95). While, of course, the largest organizations suffered the most costly breaches due to the size of their data footprints, this cost increase in the small business segment of the market illustrates that attackers—often highly opportunistic operators—will target any and all organizations.

Understanding Your Attack Surface Area

A resounding 82% of breaches involved cloud storage. Interestingly, 39% of breaches spanned multiple cloud environments—including public and private clouds—incurring a higher-than-average cost of $4.75 million.

As remote, hybrid, and dispersed workforces become the norm, organizations naturally lean on cloud-based technologies to foster communication and collaboration. Sadly, attackers see these sprawling environments as prime opportunities for exploitation.

Phishing (16%) and compromised credentials (15%) were the two most prevalent attack vectors for data breaches in 2023. They also ranked among the top four costliest incident types ($4.76 million and $4.62 million) along with malicious insiders (at 6% but costing an average of $4.9 million) and business email compromise (at 9% with an average cost of $4.67 million).

The share of data breaches originating from a software supply chain attack was 12%. Preying on the goodwill between organizations and their suppliers, threat actors using supply chain attacks enjoyed a longer time to detection and resolution (294 days) compared to other attacks (269 days).

But simply knowing your attack surface isn’t enough. Organizations must be able to defend themselves against these costly attacks.

Preventing Data Breaches

IBM stresses that AI and automation dramatically improve security measures, which makes sense when you understand that threat actors use automation and AI tools to launch their attacks too. Plus, AI technologies work faster than a human team ever could.

IBM AI Investments 03

Cost of a Data Breach Report 2023

Yet only 28% of organizations used security AI extensively in 2023. This is an incredibly expensive oversight that causes security teams to miss red flags, experience slow response times, and increase the fallout of a data breach. Robust AI-powered cybersecurity solutions reduce costs and speed up containment efforts.

Innovative technologies like Abnormal use AI and machine learning to create a baseline of normal, known-good behavior across your cloud email environment. Why is this important? By understanding good behaviors, Abnormal proactively identifies bad behaviors that may indicate risks to your cloud-email environment.

Stop bad actors in their tracks to better secure your data, sign-in credentials, and cloud email environments. It’s all about facing risks before they become problems.

Prevent costly data breaches by detecting and mitigating email account takeovers in real time. Explore our Email Account Takeover Protection data sheet or schedule a demo today!

Schedule a Demo
$4.45 Million: The Cost of a Data Breach in 2023, Says IBM

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Dropbox Open Enrollment Attack Blog
Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.
Read More
B AISOC
Discover how AI is transforming security operation centers by reducing noise, enhancing clarity, and empowering analysts with enriched data for faster threat detection and response.
Read More
B Microsoft Blog
Explore the latest cybersecurity insights from Microsoft’s 2024 Digital Defense Report. Discover next-gen security strategies, AI-driven defenses, and critical approaches to counter evolving threats and safeguard your organization.
Read More
B Osterman Blog
Explore five key insights from Osterman Research on how AI-driven tools are revolutionizing defensive cybersecurity by enhancing threat detection, boosting security team efficiency, and countering sophisticated cyberattacks.
Read More
B AI Native Vendors
Explore how AI-native security like Abnormal fights back against AI-powered cyberattacks, protecting your organization from human-targeted threats.
Read More
B 2024 ISC2 Cybersecurity Workforce Study Recap
Explore key findings from the 2024 ISC2 Cybersecurity Workforce Study and find out how SOC teams can adapt and thrive amidst modern challenges.
Read More