Data breach incident costs up 16 percent in two years: IBM

As cybersecurity breaches increase, so too do their cost, according to a new IBM report data breaches cost organisations that it studies on average $3.8 million per incident.

The IBM, Cost of a Data Breach report highlights both global and Australian findings showing that while 45 percent of breaches occur in the cloud, 43 percent of businesses still haven’t or are in the early stages of implementing cloud security.

The cost of a data breach has grown 16 percent in the past two years, the report explained.

Charles Henderson, global head of IBM security X-Force said, "Businesses need to put their security defences on the offense and beat attackers to the punch. It's time to stop the adversary from achieving their objectives and start to minimise the impact of attacks.

“The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases," he said. 

"This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked."

These costs are impacting customers as the report noted that 60 percent of businesses increased prices on their products or services as they struggle to keep up with breach costs.

This in turn is contributing to inflation, as costs of goods already soar globally.

Data breaches happen to the majority of organisations, IBM reports that 83 percent of businesses have experienced more than one data breach in their lifetime, meaning consumers have paid the price more than once, and will continue to do so as businesses prove to be more vulnerable than ever before.

Australian organisations with mature-stage cloud environments recorded on average $3.05 million on the cost of a data breach as opposed to $4.94 million for organisations with early-stage deployment and AU $6.20 million for organisations that have not deployed any cloud environment. 

The average time to identify a breach for Australian businesses surveyed was 221 days. The ‘good news’ is that the number of days to contain a breach once identified is shrinking – in 2022 it took an average of 75 days to contain a breach, compared to 92 days in 2021.