While the cost of cybersecurity attacks rose 10% from the previous year — the largest annual augment since the pandemic — the utilize of artificial intelligence and automation in defensive cybersecurity workflows continues to lower the cost of a breach, according to the IBM Security 2024 Cost of a Data Breach Report, independently produced by the Ponemon Institute.
The key recommendation is: Invest in AI-powered security to “address new threats and opportunities brought about by generative AI,” Kevin Skapinetz, vice president of product strategy and design at IBM Security, said in an announcement Tuesday.
Artificial intelligence can reduce the severity of a breach
With “extensive” adoption, organizations saw an average $2.2 million reduction in breach costs compared with those that did not utilize AI-based defenses in their security processes, the largest cost savings in the annual study, the company said.
The 19th edition of the IBM benchmark study analyzed real-world data breaches experienced by 604 organizations worldwide between March 2023 and February 2024.
The utilize of generative AI in business operations has rapidly expanded across industries, expanding attack surfaces and introducing fresh risks for security teams.
“This spending will soon become unsustainable,” Skapinetz said in a statement.
In healthcare, the hardest-hit industry for the 14th consecutive year, data automation and AI integrations are leveraging electronic health records and other systems like patient portals. Many providers now offer chatbot-based access to machine-learning algorithms that streamline operations and reduce administrative and other burdens that plague the healthcare ecosystem.
The researchers found that across all industries, 67% of organizations analyzed had implemented AI security and automation — nearly 10% year over year — while 20% said they were using some form of security tools that relied on machine learning.
By increasing their utilize of AI tools in security – two of the three organizations studied this year implemented AI and security automation in their security operations centers – they were able to reduce the cost of a breach by an average of $2.2 million, researchers found.
Law enforcement is another key to cost savings. Ransomware victims have saved an average of nearly $1 million in breach costs by filing lawsuits.
While 70% of organizations affected by breaches reported that the breaches caused significant disruption, the average global data breach lifecycle hit a seven-year low of 258 days — down from 277 days in the 2023 report. By improving threat mitigation and remediation efforts and making extensive utilize of artificial intelligence and security automation to detect and stop cyber incidents, security teams have made up for lost time on their side, researchers found in statement.
According to the analysis, on average 98 days faster than for organizations not using these technologies.
More money for tech workers
Organizations are also grappling with more severe staffing shortages, which has driven up the overall cost of a breach to an average of $5.74 million for high-level shortages compared to $3.98 million for low-level shortages, according to report.
Since last year’s study, staffing shortages have increased by 26%, resulting in an average $1.76 million augment in breach recovery costs compared to companies with little or no security staffing issues.
As a result, more organizations said they plan to augment their security budgets compared to last year – 63% compared with 51% – to address technical and skills resource shortages.
According to the researchers, one of the areas of planned investments is to augment the number of employee training courses.
Violations related to data visibility gaps
The breaches that took the longest to identify and contain — an average of 283 days — involved data stored in multiple environments, including public cloud, private cloud, and on-premises.
These types of breaches accounted for 40% of all cases investigated, and the average cost of data recovery was over $5 million.
Of note, intellectual property theft was up 27%, representing a nearly 11% augment in costs from a year earlier at $173 per record.
The researchers also found that adding genAI to the network brings data closer to the surface, and attributed the most common initial attack vector to stolen or compromised credentials (16%).
Data sharing initiatives that break down barriers aim to streamline operations and ensure compliance with information sharing requirements across industries, including healthcare.
Given the increasing activity across diverse environments, organizations need to reassess security and access control issues, researchers say.
Passing on higher costs to consumers
While organizations said they plan to augment investments in incident response planning and testing, threat detection and response technologies, and improved identity and access management, 63% of organizations said they will augment the price of goods or services to consumers this year due to a security breach.
“Companies are trapped in a constant cycle of breach, containment and response,” Skapinetz said in a statement.
“This cycle now often involves investing in hardening security and passing on the costs of breaches to consumers – making security the new cost of doing business.”
Healthcare costs set to rise 8% in the next yearand more than a quarter of adults indicated that they had forgone or postponed getting the health care they needed in the past 12 months because of the cost, according to a recent KFF survey check-in on the challenges of healthcare costs in the US
Rising costs, regardless of the cause, may ultimately impact the availability of healthcare.
The HIMSS Healthcare Cybersecurity Forum will be held October 31–November 1 in Washington, DC Learn more and sign up.