LONDON, UK, 30 July, 2024 -- IBM (NYSE: IBM) today released its annual Cost of a Data Breach Report revealing the average cost of a data breach in the UK reached £3.58 million in 2024, as breaches grow more disruptive and further expand demands on cyber teams. In the UK, while breach costs decreased in 2023, the report shows a 5% increase in 2024 compared to the previous year. From an industry perspective, financial services participants saw the costliest breaches across industries in the UK with average costs reaching £6.05 million, followed by professional services (£5.51 million) and technology (£5.4 million).
Lost business and post-breach customer and third-party response costs drove the year-over-year cost spike globally, as the collateral damage from data breaches has only intensified. The disruptive effects data breaches are having on businesses are not only driving up costs but are also extending the after-effect of a breach. Globally, recovery took more than 100 days for most of the small number (12%) of breached organisations that were able to fully recover.
The 2024 Cost of a Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 604 organisations globally between March 2023 and February 2024. The research, conducted by Ponemon Institute, and sponsored and analysed by IBM, has been published for 19 consecutive years and has studied the breaches of more than 6,000 organisations, becoming an industry benchmark.
Some key findings in the 2024 IBM report for the UK include:
AI and Automation Deployment on the Rise - 71% of UK organisations studied are deploying security AI and automation across their security operation centre (SOC), a near 13% jump from the prior year. Globally, 20% stated they used some form of generative AI (Gen AI) security tools.
Hacking the clock with AI - UK organisations that employed security AI and automation extensively detected and contained an incident, on average, 106 days faster than organisations not using these technologies.
AI-Powered Security Pays Off - When AI and automation technologies were used extensively, organisations incurred an average £1.06 million less in breach costs, compared to those without AI and automation deployments.
Stolen credentials lead breach causes - At 15%, stolen or compromised credentials were the most common initial attack vector, representing an average total cost of £4.27 million per breach, followed by phishing at 12% (£3.59 million) and Business Email Compromise at 11% (£4.03). Malicious insiders were the most expensive entry point (£4.36) at 10% of breaches studied.
Data Visibility Gaps - 38% of breaches in the UK involved data stored across multiple environments, including public cloud, private cloud and on-prem. These breaches cost more than £3.5 million on average and took the longest to identify and contain (258 days).
Key factors that increased costs - The top three factors that amplified breach costs for UK organisations were non-compliance with regulations (£287K), IoT/OT environment impacted (£246K) and supply chain breaches (£241K).
Security staffing shortages drove up breach costs
More than half of the organisations studied globally had severe or high-level staffing shortages last year and experienced an average of USD $1.76 million in higher breach costs as a result (USD $5.74 million for high levels vs. USD $3.98 million for low levels or none). This comes at a time when organisations are racing to adopt gen AI technologies, which are expected to introduce new risks for security teams. In fact, according to a study from the IBM Institute for Business Value, 51% of business leaders surveyed were concerned with unpredictable risks and new security vulnerabilities arising, and 47% were concerned with new attacks targeting AI.
Mounting staffing challenges may soon see relief, as more organisations worldwide stated that they are planning to increase security budgets compared to last year (63% vs. 51%), and employee training emerged as a top planned investment area. Globally, organisations also plan to invest in incident response planning and testing, threat detection and response technologies (e.g., SIEM, SOAR and EDR), identity and access management and data security protection tools.
"In a landscape marked by increasing cyber threats, this year's report highlights critical vulnerabilities and strategic opportunities," said Martin Borrett, Technical Director, IBM Security UKI. "Worldwide, organisations with severe security staffing shortages were affected by a substantial rise in breach costs. Security AI and automation are effective in supporting team efforts to identify and accelerate incident response, helping UK companies reduce both breach expenses and business impact. Robust, AI-driven security measures are essential, and addressing regulatory non-compliance and IoT vulnerabilities remains crucial."
Matthew Evans, Chief Operating Officer and Director of Markets, techUK said, "The IBM 2024 Cost of a Data Breach report underscores the urgent need for businesses to invest in robust security measures, including AI-powered prevention and automation technologies. As organisations continue to adopt generative AI technologies, addressing the new security vulnerabilities that come with them and prioritising investments in security staffing and training is crucial. By enhancing security measures and leveraging advanced technologies, businesses can better protect their data and mitigate the far-reaching impacts of breaches."
Other global findings in the 2024 Cost of a Data Breach Report include:
Shorter breach lifecycles - The global average data breach lifecycle hit a 7-year low of 258 days, down from 277 days the prior year, revealing that technologies such as security AI and automation may be helping put time back on defenders' side by improving thr










