The Cost of Data Breaches Is Reaching Record Highs
January 15, 2024
The average cost of data breaches has risen steadily since 2017 and reached a record high in 2023, The Hacker News reports, citing the latest edition of The IBM Cost of a Data Breach Report.
In 2017 the cost was $3.62 million. In 2023, it was $4.45 million.
The report provides organizations with quantifiable information about the financial impacts of breaches. It seeks to facilitate data-driven decisions about the implementation of cybersecurity.
“We tend to talk a lot about security issues and solutions. This report puts a number behind threats and solutions and provides a lot of information to support claims of how a threat actor, a solution or a process impacts you financially,” said Etay Maor, Senior Director of Security Strategy at Cato Networks.
The costliest breaches occur in healthcare ($10.93 million), financial ($5.9 million), pharmaceuticals ($4.82 million), energy ($4.78 million) and industrial ($4.73 million).
Maor explained why an individual’s healthcare data is so valuable to cyber-criminals: “An attacker might steal a victim’s healthcare information and use it for identity fraud, to attack a bank or an insurance company, or for other causes.”
The most common method of breaching an organization is phishing. Malicious insiders are responsible for the fewest breaches, but those are the most costly, at nearly $5 million on average.
Many attack vectors are easily mitigated with a zero-trust approach, according to Maor. But even organizations that have recent experiences with breaches are reluctant to increase their security investment.
The article suggests all organizations consider the following:
- Secure Development Practices: Implement DevSecOps (development, security, and operations) for comprehensive security integration, apply secure design principles, extend security measures to cloud environments, and conduct regular testing including penetration testing.
- Data Protection in Hybrid Cloud: Ensure visibility and control over data, safeguard data during transitions, and deploy data activity monitoring solutions.
- Security artificial intelligence (AI) and Automation Integration: Integrate AI and automation into security tools, use mature AI technologies, seamlessly combine core security technologies, and leverage security AI for pattern recognition.
- Resilience through Incident Response: Understand exposure to potential attacks, utilize Attack Surface Management (ASM) tools and adversary simulation, form a proficient incident response team, and establish and regularly test incident response plans.