Surprising Stats 2023

Written By Ross Jaffe

The average cost of a data breach in 2023 was $4.45 million.

Every year, IBM Security releases the Cost of a Data Breach Report to help information technology and information security experts make better decisions using quantifiable evidence. Below are some statistics from 2022 to 2023 that we found particularly painful errr.. insightful:

  • 67% of data breaches were disclosed by either a third party or even the attackers themselves!

    • For the 27% of breaches announced by the attackers, costs averaged $930,000 (or 19.5%) higher than those who discovered it themselves!

  • Over a third of respondents did NOT involve law enforcement. As a result, they paid an average of $470,000 more and suffered an average of 33 days longer.

  • Organizations with fewer than 5,000 employees saw increases in data breach costs while larger organizations saw a decrease.

  • Paying the ransom minimally decreased the cost of the data breach. Those that paid only saved an average of $110,000 (or 2.2%)!

    • This does NOT account for the ransom itself! This means paying the ransom likely costs MORE overall!

  • The average cost of a ransomware attack in the U.S. increased by 13%!

  • Only 51% of respondents planned to increase their security investment after a data breach!

  • Organizations that employed a combination of an IR team and IR simulations resolved their data breaches 54 days sooner!

  • Healthcare as an industry suffered the worst with an average of $10.93 million per data breach. Over the past three years, that average has grown 53.3%!

  • As a country, the UK saw the largest decrease in the average by 16.6%!

  • Personal identifiable information (PII) was the costliest type of data to have breached.

  • Mean times to identify (MTTI) and mean times to resolve breaches (MTTR) changes were negligible.

So what can you do about it?

The report offers four high-level recommendations to improve your security posture:

  1. Build security into every stage of software development and deployment—and test regularly

  2. Modernize data protection across hybrid cloud

  3. Use security AI and automation to increase speed and accuracy

  4. Strengthen resiliency by knowing your attack surface and practicing IR

While no one can promise 100% security, that doesn’t stop us from trying. Reach out today to learn the best way for your organization to achieve better cybersecurity.

Don’t wait until the last minute—we’ve seen what can happen by waiting just nine days

Ross Jaffe
Previous

The Team Continues to Grow

Next

The White Hat Gala - A Celebration with a Cause