Who should pay the tab when a cybercriminal succeeds in breaching a company’s network? Many would say that the company should eat the loss, file a claim with its insurance carrier and double down on its efforts to stop the next attack.
New research from IBM, however, suggests that a growing number of businesses don’t see it that way.
According to the 2023 Cost of a Data Breach Report by IBM, businesses are divided on how to handle the increasing cost and frequency of breaches.
“Breached organizations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%),” IBM noted in a news release.
15%
The percentage increase of security breaches in the last three years
Source: “Cost of a Data Breach Report,” 2023, IBM
The average breach now costs $4.45 million, according to IBM, a 15 percent increase over the last three years. Those costs include any ransom paid to an attacker, plus injury to customer trust, stock price declines, intellectual property loss and more.
Only half of breached companies responded by increasing their cybersecurity efforts. Those that do not stand to pay more: Businesses that learn about breaches from attackers rather than by detecting them pay an additional $1 million in average costs, according to IBM.
“Investments in threat detection and response approaches that accelerate defenders’ speed and efficiency — such as AI and automation — are crucial to shifting this balance,” Chris McCurdy, IBM’s general manager of worldwide security services, said in the release.
Learn more about managed detection and response at biztechmag.com/detection.
