Average Cost of Data Breach Climbed to Record $4.45 Million Last Year

UnitedHealth Group now estimates that the cyberattack on its Change Healthcare business unit earlier this year will cost the company between $2.3 billion and $2.45 billion. The damage to its reputation and the economic fallout to its clients may be incalculable.

The company is not alone, as the cost of data breaches has reached record levels. IBM Security analyzed the rising expense associated with cyberattacks in its “Cost of a Data Breach Report 2023.”

“Globally, the average cost of a data breach rose to $4.45 million, a $100,000 increase from 2022,” the report says. “This represents a 2.3 percent increase from the 2022 average cost of $4.35 million. Since 2020, when the average total cost of a data breach was $3.86 million, the average total cost has increased 15.3 percent.”

Among the report’s key findings:

• Slightly more than half of organizations plan to increase security investments as a result of a breach. The top areas identified for additional investments include incident response planning and testing, employee training, and threat detection and response technologies.
• Extensive security artificial intelligence (AI) and automation have reduced costs by $1.76 million and minimized time to identify and contain breaches. Organizations that used these capabilities extensively in 2023 identified and contained any breaches they experienced much faster—in 108 days less time, on average.
• Only one-third of companies discovered a data breach through their own security teams, highlighting a need for better threat detection. Two-thirds of breaches were reported by a benign third party or by the attackers themselves. When attackers disclosed a breach, organizations spent nearly $1 million more to mitigate the effects of the attack.
• Not involving law enforcement in a ransomware attack costs organization $470,000 more. Although 63 percent of respondents said they involved law enforcement in their incident, the 37 percent that didn’t paid 9.6 percent more and experienced a 33-day longer breach lifecycle.
• Since 2020, healthcare data breach costs have increased by 53.3 percent. The highly regulated healthcare industry has seen a considerable rise in data breach costs over that time period. For the 13th year in a row, the healthcare industry reported the most expensive data breaches, at an average cost of nearly $11 million.
• Eighty-two percent of breaches involved data stored in the cloud, whether in public, private, or multiple environments. Attackers often gained access to multiple environments, with 39 percent of breaches spanning multiple environments and incurring a higher-than-average cost of $4.75 million.

The report concludes with four recommendations:

1. Build security into every stage of software development and deployment, and test regularly;
2. Modernize data protection across the hybrid cloud;
3. Use security AI and automation to increase speed and accuracy; and
4. Strengthen resiliency by knowing the attack surface and practicing incident response.

.

From: BenefitsPRO