
Data breach costs surge to $5 million per breach on average


Companies are shifting the significant financial impact of cyberattacks onto consumers. The average cost of a breach has risen to nearly $5 million, prompting companies to raise prices for goods and services to offset expenses related to breach detection, victim notification, and lost business. The healthcare sector continues to be the most affected among all industries, and the United States remains at the top among countries.

A recent report by IBM has highlighted an alarming trend. The tech giant collaborated with Ponemon to observe and study 604 organisations affected by data breaches between 2023 and 2024. To ensure a well-rounded approach, researchers studied organisations from 17 industries across 16 countries. The number of individuals affected by breaches in each organisation ranged from 2,100 to 113,000.

According to the research, the $5 million figure encompasses various components, including expenses related to breach detection, victim notification, post-breach response efforts, and the lost business that results from such incidents.

The costs also account for forensic investigations, customer support hotlines, free credit monitoring services, and indirect costs such as in-house investigations and customer attrition.

The financial impact of data breaches is on the rise.

Researchers also observed that the financial impact of data breaches is becoming increasingly severe. Over the past year, the combined costs of lost business and post-breach activities alone have surged to $2.8 million, marking the highest figure in the past six years.

Additionally, costs tied to operational downtime, staffing customer service help desks, and heightened regulatory fines have increased.

The report reveals that more than 45% of breaches involved the exposure of customer personal data, including sensitive information such as tax identification numbers, email addresses, and physical addresses. Intellectual property was compromised in 43% of breaches, emphasising the breadth of the impact.

The report also sheds light on the increasing ransomware attacks on organisations and their related impact. Recently, we saw several ransomware attacks on organisations including Evolve Bank. Involving law enforcement in these incidents can be highly beneficial. On average, this approach has resulted in savings of approximately $1 million per case, not including potential ransom amounts.

The involvement of security agencies in ransomware incidents has resulted in organisations saving one million dollars per breach. | Illustration: JMiks | Shutterstock

Interestingly, about 66% of companies hit by ransomware chose to work with law enforcement and refused to pay the demanded ransom. This strategy saved money and significantly reduced the time needed to detect and mitigate the breaches, cutting it down by more than two weeks on average.

Among industries, the healthcare field remains the most financially impacted by data breaches, as seen in the recent breaches at Synnovis, MediSecure, RiteAid, and Sav-Rx. Each incident in this sector costs an average of nearly $10 million, a figure that has topped the list for over a decade.

The healthcare industry has suffered the most. | Photo by Pixabay

Meanwhile, the industrial sector, including chemical manufacturing and engineering, has experienced the most substantial rise in breach-related expenses. In the past year alone, this sector’s average cost per breach increased by more than $800,00. Experts attribute this surge to the stringent regulations governing the industry and its vulnerability to operational disruptions.

Geographically, the United States remains the most expensive country for data breaches, with an average cost of $9.36 million, a position that it has held for 14 consecutive years. In contrast, Canada and Japan have witnessed decreased breach costs, while Italy and certain Middle Eastern countries experienced notable increases.

Furthermore, researchers have identified two main culprits behind data breaches: phishing schemes and stolen login information. Incidents stemming from phishing tactics tend to be the most expensive, with companies facing average losses of nearly $4.9 million per breach. Close behind are breaches caused by compromised user credentials, which typically cost organisations around $4.8 million each.


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
