Dive Brief:
- Data breach costs hit a new high this year, reaching almost $4.5 million per incident on average, representing a more than 15% increase in costs since 2020, according to the annual “Cost of a Data Breach Report” released Monday by IBM Security.
- The investigation phase of data breaches is the fastest-growing and costliest category of data breach expenses, contributing to the consistent year-over-year increase in costs. Detection and escalation costs jumped almost 10% to nearly $1.6 million per incident, IBM found.
- “The breadth and depth of incident response investigations are scaling up directly with the overall costs, along with the off tempo of the criminal,” John Dwyer, head of research at IBM Security X-Force, told Cybersecurity Dive.
Dive Insight:
As the complexity of data breaches increases, the pressure to conduct a more thorough investigation to meet insurance, legal and regulatory requirements is growing, Dwyer said.
Speed is a critical factor because the window of opportunity for reducing the cost of data breaches is closing rapidly. This contributes to a direct correlation between how long a threat actor is in the network and how expensive the breach ultimately becomes, Dwyer said.
Phishing and the exploitation of stolen or compromised credentials remain the two most prevalent attack vectors, accounting for 3 in 10 breaches, the report found.
“We haven't fundamentally shifted the goals and objectives of the attacker, which is what we really need to do to inhibit so much cost on them that we can start to reduce the likelihood of more of these extortion-based attacks,” Dwyer said. “We’ve got to make it so expensive for them that it’s not worth it.”
The study, conducted by Ponemon Institute and analyzed by IBM Security, researched more than 550 organizations impacted by data breaches between March 2022 and March 2023.