IBM: Tap AI, DevSecOps and Law Enforcement to Cut Data Breach Costs

New figures from IBM reveal that the cost of a data breach hit a record high of $4.45 million on average globally in 2023, up 15% from three years ago, showing that there is no cybersecurity reprieve for businesses.

The tech giant’s 2023 Cost of a Data Breach Report specifically found that as breaches become more complex, detection and escalation costs have risen over 42% in the past three years, causing organizations major headaches.

Costs of attacks are higher for organizations that did not involve law enforcement. These ransomware victims paid on average $470,000 higher breach costs than those that did, and endured the attack 33 days longer. Still, 37% of respondents opted not to bring in law enforcement, thinking it will make the situation worse. Overall, nearly half (47%) of ransomware victims paid up.

The study of some 553 organizations, conducted by Ponemon Institute, found that 95% experienced more than one breach. Compromised organizations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%).

AI makes the difference

AI was found to have had the biggest impact on cybersecurity, according to the report. Organizations that deployed security AI and automation saw, on average, nearly $1.8 million lower data breach costs than organizations that didn't extensively deploy these technologies. It also shortened the attack duration by 108 days on average.

Companies that responded with AI and automation security tools were found to have experienced shorter breach lifecycles at just 214 days. In comparison, those that hadn’t deployed these technologies experienced 322-day lifecycles.

Ransomware attacks are being completed at faster rates, the study found, with IBM saying that security AI and automation tools could boost response speeds. AI and automation tools are “crucial” for security teams to improve detection speeds and efficiency, said Chris McCurdy, general manager of Worldwide IBM Security Services, in a statement.

Despite the rise in costs, threat detection has seen some improvements. IBM’s report found that defenders halted a higher proportion of ransomware attacks last year. For those that got through, data was routinely lost across multiple environments. Nearly 40% of data breaches were found to have lost data in the public cloud, private cloud and on-prem breaches.

Parties with a high level of DevSecOps saw a global average cost of a data breach nearly $1.7 million lower than those with a low to no DevSecOps approach.

Stay updated. Subscribe to the AI Business newsletter.