The global average cost of a data breach has reached €4.49 million in 2024, an increase of 10% on the previous year.
IBM's annual 'Cost of a Data Breach Report' shows that 70% of breached organisations reported that the breach caused significant or very significant disruption.
Lost business and post-breach customer and third-party response costs drove the year-over-year increase, with the collateral damage from data breaches intensifying.
The research shows that recovery from a breach took more than 100 days for the 12% of breached organisations that were able to fully recover.
According to IBM, there was an increase in organisations that faced severe shortages of cybersecurity staff compared to the prior year.
The report also shows that organisations that deployed AI-powered security and automation incurred lower breach costs.
The research shows 63% of organisations stated they would increase the cost of goods or services because of a breach this year, a slight increase from last year's figure of 57%.
At 16%, stolen/compromised credentials was the most common attack. These breaches also took the longest to identity and contain at nearly 10 months.
The research shows that fewer ransoms were paid when law enforcement were engaged, with 63% of ransomware victims who involved law enforcement being able to avoid paying a ransom.
The highest breach costs were incurred by critical infrastructure organisations across healthcare, financial services, industrial, technology and energy.
For the 14th year in a row, healthcare organisations saw the costliest breaches across industries with average breach costs reaching €8.99 million.
The report is based on an analysis of real-world data breaches experienced by 604 organisations globally between March 2023 and February 2024.
"Businesses are caught in a continuous cycle of breaches, containment and fallout response," said Kevin Skapinetz, Vice President, Strategy and Product Design, IBM Security.
"This cycle now often includes investments in strengthening security defences and passing breach expenses on to consumers - making security the new cost of doing business."
"To get ahead, businesses should invest in new AI-driven defences and develop the skills needed to address the emerging risks and opportunities presented by generative AI," Mr Skapinetz said.
