THE COST OF DATA BREACH: THE IMPORTANCE OF INVESTING IN INFORMATION SECURITY AND REGULATORY COMPLIANCE

The average cost of a data breach has reached a new all-time high for organizations, as revealed in the “Cost of a Data Breach Report 2023”, the result of a global survey conducted independently by the Ponemon Institute, sponsored and published by IBM[1]. The study analyzed 553 organizations impacted by data breaches in 16 different countries during the period from March 2022 to March 2023.

The aim of the report is to provide essential information to help security and IT teams manage their risks more effectively and limit the potential for losses. In this regard, the survey highlights some important points for organizations to note.

According to the report, the average cost of a data breach peaked in 2023 at 4.45 million dollars, an increase of 2.3% compared to the previous year.

Another significant finding of the report was that only a third of the organizations detected the data breach through their own security team, highlighting the need for improvement in threat detection. The remaining 67% of breaches were reported by a third party or by the attackers themselves.

Despite these alarming figures, only 51% of the organizations that took part in the survey plan to increase their investments in information security after a data breach.

Among all the sectors examined, the health sector reported the highest costs for data breaches for the 13th consecutive year, and in the last three years these costs have increased by 53.3% for the sector. It is followed by the financial, pharmaceutical, energy, manufacturing, technology, consulting, transportation and telecommunications sectors in the ranking.

Another crucial point emphasized in the report is the importance of reporting the incident to the relevant authorities. According to the survey, ransomware victims who reported the breach to regulatory agencies saved an average of $470,000 compared to those who chose not to. Surprisingly, however, 37% of the ransomware victims in the study decided not to contact the authorities.

Therefore, among the various insights provided by the study conducted by the Ponemon Institute and IBM, the importance of investments in information security and regulatory compliance to mitigate risks in organizational processes stands out.

 


[1] https://www.ibm.com/reports/data-breach
