Data breaches cost more than ever, but early detection and AI can save millions

The next time your bank, utility provider, or favorite store is hit by a data breach, don’t be surprised if you end up footing the bill.

Companies whose information is compromised are much more likely to pass expenses tied to the incident onto customers than they are to invest in beefed-up security, a new report from IBM Security found.

Over half (57%) of organizations in the study incorporated the exposure costs into their prices, while only 51% of companies actually increased security investments, according to IBM’s 2023 Cost of a Data Breach report.

This dissonance comes as data breaches cost more than ever for affected organizations—averaging $4.4 million per incident over the last year—and as investigations in their aftermath have grown increasingly complex.

Factors driving the associated costs include assessment and audit services, crisis management, notifying executives and customers, lost business, and disabled systems, the report said.

However, organizations shouldn’t throw up their hands and stop innovating in the face of such persistent threats, according to Charles Henderson, global head of IBM X-Force.

“Although data breach costs continue to rise for many, our report shows that by adopting the right technologies and strategies, businesses can significantly reduce detection time and costs,” Henderson wrote in a statement, shared with IT Brew via IBM rep Cassy Lalan. “For example, security AI and automation had the biggest impact on an organization’s ability to speed the identification and containment process for a breach—and led to the biggest cost savings. But with less than one third of organizations using AI and automation extensively, there is still significant opportunity to improve security speed and efficiency.”

Indeed, the study found that companies can take concrete steps to significantly curb their losses, including using automated tools to identify a breach and contain its consequences, working with law enforcement, and proactively detecting breaches in-house.

Among these factors, using AI and automation slashed the costs the most: Companies that employed these tools saved an average of $1.8 million per incident. Organizations whose own employees discover a vulnerability spend roughly $1 million less than when the bad actor discloses it, the report said. Despite the obvious advantages of internal vigilance, only one-third of breaches in the study were discovered by employees, while 27% were announced by an attacker.

“Time is the new currency in cybersecurity both for the defenders and the attackers. As the report shows, early detection and fast response can significantly reduce the impact of a breach,” Chris McCurdy, general manager of worldwide IBM security services, said in a statement.

The annual study, which is in its 18th year, examined 553 companies in 16 countries between March 2022 and March 2023, and was conducted by Ponemon Institute with IBM’s funding and analysis.