Cost of a data breach up 10% to almost $5 million — IBM report

Cost of a data breach up 10% to almost $5 million — IBM report

IBM’s new cost of a data breach report is out, and the numbers are not encouraging. By the numbers:

$4.88 million — The global average cost of a data breach in 2024—a 10% increase over last year and the highest total ever. The highest average cost was $9.77 million for the healthcare sector. The industrial sector reported the biggest year over year increase in costs, an average increase of $830,000.

1 in 3 — 35% of breaches involved shadow data. Shadow data is data stored in unmanaged data sources.
Shadow data theft correlated to a 16% greater cost of a breach. Researchers found storing data across environments proved to be a common storage strategy, accounting for 40% of breaches. These breaches also took longer to identify and contain. In contrast, data stored in just 1 type of environment was breached less often, whether that environment was public cloud (25%), on premises (20%) or private cloud (15%).

$4.99 million — The cost of a malicious insider breach.

46% — The share of breaches involving customer personal data.

$1 million — The savings when law enforcement is contacted by a ransomware victim. When organizations fell victim to ransomware, 52% called in law enforcement. The majority of those that did, 63%, ended up not paying the ransom. Calling in law enforcement also shortened the time it took to identify and contain breaches, from 297 to 281 days.

$5.53 million — The cost of a data breach when it is disclosed by the attacker. By the time an attacker discloses a breach, they’ll likely have already achieved their objective and done considerable damage, raising the overall costs of the breach. When a security team identified a breach, the average cost was USD 4.55 million.

As always, the IBM report is chock full of other statistics about trends and factors that can increase or decrease the cost of a breach. This year, they highlight the role of AI in security and cost reduction.

Request the full report on IBM’s site.