Globally، intellectual property theft spiked; More than one-third of breaches involved shadow data. Use of AI/Automation cut breach costs by USD $1.88 million
IBM released its annual Cost of a Data Breach Report revealing the global average cost of a data breach reached USD $4.88 million in 2024، a 10% increase from USD $4.45 million last year، the largest yearly jump since the pandemic. Globally، 70% of breached organizations reported that the breach caused significant or very significant disruption.
Lost business cost- including operational downtime، lost customers، and reputation damage-، and post-breach customer response costs -such as staffing customer service help desks and paying higher regulatory fines، drove the year-over-year cost spike، as the collateral damage from data breaches has only intensified. The disruptive effects data breaches are having on businesses are not only driving up costs but are also extending the after-effect of a breach. Globally، recovery took more than 100 days for most of the small number (12%) of breached organizations that were able to fully recover.
The costliest breaches
From an industry perspective، the 2024 report highlights that the global healthcare sector experienced the costliest breaches across industries، with an average cost of USD $9.77 million، followed by the financial sector at USD $6.08 million، and the industrial sector at USD $5.56 million on average.
In the Middle East، data breach costs for companies are on the rise، with an average cost of USD $ 8.75 million. Process-related activities، such as lost business، detection and escalation، post-breach customer response، and notification costs، have contributed to higher year-on-year costs in the region.
Marwa Abbas، General Manager of IBM Egypt، said، “The continued escalation of data breach costs underscores the urgent need for advanced cybersecurity measures. As technology evolves and becomes more complex، cyber threats and data breaches have grown increasingly sophisticated. It is now more critical than ever to adopt AI-driven technologies، address security staffing shortages، and enhance regulatory compliance. These actions are vital for all organizations to mitigate the growing risks and costs of data breaches، protecting both businesses and customers.”
Some global key findings in the 2024 IBM report include:
• Understaffed Security Teams – More than half of the organizations studied had severe or high-level staffing shortages last year and experienced significantly higher breach costs as a result (USD $5.74 million for high levels vs. USD $3.98 million for low levels or none). Mounting staffing challenges may soon see relief، as more organizations stated that they are planning to increase security budgets compared to last year (63% vs. 51%)، and employee training emerged as a top planned investment area. Organizations also plan to invest in incident response planning and testing، threat detection and response technologies (e.g.، SIEM، SOAR and EDR)، identity and access management and data security protection tools.
• Data Visibility Gaps – Forty percent of breaches involved data stored across multiple environments including public cloud، private cloud، and on-prem. These breaches cost more than USD $5 million on average and took the longest to identify and contain (283 days).
• Intellectual property theft – According to the 2024 report، more than one-third of breaches involved shadow data (data stored in unmanaged data sources)، highlighting the growing challenge with tracking and safeguarding data. These data visibility gaps contributed to the sharp rise (27%) in intellectual property (IP) theft. Costs associated with these stolen records also jumped nearly 11% from the prior year to USD $173 per record. IP may grow even more accessible as gen AI initiatives push this data and other highly proprietary data closer to the surface. With critical data becoming more dynamic and active across environments، businesses will need to reassess the security and access controls surrounding it.
• AI-Powered Prevention Pays Off – The report found that 67% of organizations deployed security AI and automation، a near 10% jump from the prior year and 20% stated they used some form of generative AI security tools. Organizations that employed security AI and automation extensively detected and contained an incident، on average، 98 days faster and incurred an average of USD $1.88 million less in breach costs.
• Data Breach Lifecycle: the global average data breach lifecycle hit a 7-year low of 258 days – down from 277 days the prior year and revealing that these technologies may be helping put time back on defenders’ side by improving threat mitigation and remediation activities.
• Increased internal detection – 42% of breaches were detected by an organization’s own security team or tools compared to 33% the prior year. Internal detection shortened the data breach lifecycle by 61 days and saved organizations nearly USD $1 million in breach costs compared to those disclosed by an attacker.
The 2024 Cost of a Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024. The research، conducted by Ponemon Institute، and sponsored and analyzed by IBM، has been published for 19 consecutive years and has studied the breaches of more than 6،000 organizations، becoming an industry benchmark.
