Dive Brief:
- Data breaches are painfully expensive and the cost for impacted businesses has grown every year since 2020. The global average cost of a data breach is nearly $4.9 million this year, up nearly 10% from almost $4.5 million in 2023, IBM said Tuesday in its annual Cost of a Data Breach report.
- U.S. organizations led the world with the highest average data breach cost of almost $9.4 million, a dubious distinction the country has earned for the 14th straight year. Businesses in the Middle East, the Benelux countries, Germany and Italy rounded out the top five.
- Healthcare was far and away the costliest industry for data breaches — as it’s been since 2011 — with an average breach cost of almost $9.8 million, the report found. That's a decrease from last year's $10.9 million for the sector.
Dive Insight:
Compromised credentials were the top initial attack vector and root cause of data breaches this year, accounting for 16% of the breaches IBM studied. Phishing attacks were a close second at 15% of the breach cases studied.
Cybersecurity professionals, threat hunters and incident response firms have been sounding the alarm over poor identity governance for years. Systems with weak or no credentials were the top initial access vector, accounting for 47% of cloud environment attacks during the first six months of 2024, according to a Google Cloud report earlier this month.
Compromised credentials were at the root of a spree of attacks in April targeting more than 100 Snowflake customer environments, resulting in massive data breaches at AT&T, Advance Auto Parts, Pure Storage and other organizations.
Credential-based attacks also exacerbated the financial impact for victim companies because they took longer to identify and contain, IBM’s report found. Breaches attributed to stolen or compromised credentials took an average combined 292 days to identify and contain.
Data breaches that took more than 200 days to identify and contain had the highest average cost at nearly $5.5 million, IBM said.
The report, based on research conducted by Ponemon Institute and analyzed by IBM Security, included details on more than 600 organizations across 16 countries and regions impacted by data breaches between March 2023 and February 2024 and interviews with more than 3,500 security and business leaders.