Data breaches are now more expensive than ever. A recent study revealed that organizations have faced a 15% increase in costs over the past three years, with an average of $4.5 million spent to address breaches.
The report, conducted by researchers at the Ponemon Institute and published by IBM Security, analyzed data breaches at 553 organizations in 17 industries across 16 countries and regions from March 2022 to March 2023.
The main factors contributing to breach costs were examined, and the bulk of the expenses were associated with hiring companies to conduct breach investigations, termed "detection and escalation" activities. These activities encompass forensic and investigative services, assessment and audit services, crisis management, and executive and board communications. On average, this aspect alone accounted for $1.6 million per breach.
Another significant cost was related to lost business, post-breach response, and notification. In 2023, the expenses for business disruption and system downtime decreased slightly from $1.4 million to $1.3 million. However, breach notification costs rose to $370,000 due to increased expenses related to notifying victims, regulators, and third-party organizations.
In terms of geographical distribution, the countries and regions with the highest costs per breach remained consistent with the previous year. The U.S., Middle East, and Canada occupied the top three spots in 2023, with the U.S. having the most significant cost per breach at a staggering $9.5 million, surpassing other regions by over $1 million per breach.
Among industries, healthcare organizations faced the highest average cost of a breach, reaching $10.9 million. Other industries did not exceed an average cost of $6 million.
Overall, this report highlights the mounting financial impact of data breaches on organizations, emphasizing the need for increased cybersecurity measures and vigilance in the face of evolving cyber threats.