The average cost per data breach for business in 2023 jumped to $4.45 million, a 15% increase over three years. But instead of investing in cybersecurity, 57% of breached organizations told IBM they were inclined to just pass those costs onto consumers.
The final total for the year could be even higher: With organizations struggling to crack down on cybercrime, threat groups like Cl0p are cleaning up. Coveware has, for instance, released an analysis estimating the MOVEit breach, which has already claimed dozens of victims and counting, could earn Cl0p up to $100 million. Coveware anticipates the the Cl0p MOVEit campaign will effect up to 1,000 companies.
According to IBM's recent data breach cost report, there are three specific areas that organizations should address to help reduce the cost of the next breach:
- First, artificial intelligence (AI) and automation reduces the data breach lifecycle on average from 322 days to 214;
- Second, companies should bring in law enforcement. IBM's research found 37% of breached organizations refused to call in the cops, and it cost them an average of $470,000 in additional costs;
- Third, investing in security teams so they are able to detect breaches early. The research added when cyberattackers disclose the breach first, those incidents cost an organization an average of $1 million more.
"As the report shows, early detection and fast response can significantly reduce the impact of a breach," Chris McCurdy, general manager, worldwide IBM Security Services said in a statement about the research. "Security teams must focus on where adversaries are the most successful and concentrate their efforts on stopping them before they achieve their goals. Investments in threat detection and response approaches that accelerate defenders speed and efficiency — such as AI and automation — are crucial to shifting this balance."
In the meantime, someone's picking up the tab for spiking cybercrime costs, and apparently in more than half of the cases, it's consumers.