A new study revealed that costs associated with data breaches continue to rise.
What happened
Recently, the Ponemon Institute conducted a study sponsored by IBM to determine how data breaches financially impacted organizations in 2023. This is the 18th year of the report.
This year, Ponemon studied 553 organizations impacted by data breaches occurring between March 2022 and March 2023. Studied breaches occurred in 16 countries and spanned 17 industries. The study determined the average cost of a breach is $4.45 million, representing an all-time high and a 2.3% increase from 2022 and a 15.3% increase from 2020.
51% of companies analyzed planned to spend more on security because of a data breach. Lastly, the study found that companies who use AI or automate their workflow had, on average, data breaches costing $1.76 million less.
Going deeper
The 78-page report involves detailed findings regarding global breaches, attack vectors, key cost factors, and more. The report determined that, on average, the cost per breached record was approximately $165.
The country with the highest cost associated with data breaches continues to be the United States. Other regions experiencing costly breaches include the Middle East, Canada, Germany, and Japan.
For the 13th year in a row, the healthcare industry was the hardest hit by breach costs. Over the past three years alone, costs for breaches in this industry have risen by 53%. Other hard-hit industries include financial, pharmaceutical, energy, and industrial. On average, it takes an organization 73 days to contain a breach, only 3 days more than the year before.
This year, ransomware accounted for approximately 24% of the evaluated breaches. The report did not include ransomware payments in the cost analysis. Payments vary widely, and it’s generally suggested that organizations should not pay ransoms. Surprisingly, only 33% of data breaches were identified by internal teams or tools. 27% of breaches were disclosed by the attacker, generally in ransomware incidents. Lastly, phishing and stolen/compromised credentials were the most common initial attack vectors.
Related: Companies are refusing to pay ransoms
Why it matters
Reports like these confirm what many organizations may have internally realized–data breaches are increasing, and so are the costs. Healthcare industries are significantly more vulnerable; they typically house more private and personal information, making them heavily targeted. Because this industry is also considered critical, hospitals being unable to utilize their network or access data could disrupt patient treatment, resulting in a direct and physical impact on patients.
With costs rising, the hardest hit organizations will be smaller practices that may not have the funds to recover from an attack.
Read more: Rural Illinois hospitals set to close after ransomware attack
The big picture
Even though data breaches continue to happen, they are far from inevitable. The right security and software can help automate your security practices, taking out the guesswork and room for error. Paubox is proud to say we’ve never had a breach. With many attacks starting in emails, it’s imperative to encrypt messages and prevent spoofing, phishing, and more.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
