© Copyright Acquisition International 2025 - All Rights Reserved.

Article Image - Average Cost of a Data Breach Reaches An All-Time High of $4.45m, But AI and Automation Continue to Save Time and Money
Posted 24th August 2023

Average Cost of a Data Breach Reaches An All-Time High of $4.45m, But AI and Automation Continue to Save Time and Money

IBM’s Cost of a Data Breach report has highlighted the increasing cost for companies that suffer a data breach. The report found that the average cost of a data breach is now at an all-time high of $4.45 million. This represents an increase from last year, up 2.3 percent and a mammoth 15.3 percent from the 2020 report.

Mouse Scroll AnimationScroll to keep reading

Let us help promote your business to a wider following.

Average Cost of a Data Breach Reaches An All-Time High of $4.45m, But AI and Automation Continue to Save Time and Money
AI Automation

The IBM Cost of a Data Breach 2023 report also highlights the consequences to smaller organisations as they face considerably higher data breach costs 

AJ Thompson, CCO, Northdoor plc  

IBM’s Cost of a Data Breach report has highlighted the increasing cost for companies that suffer a data breach. The report found that the average cost of a data breach is now at an all-time high of $4.45 million. This represents an increase from last year, up 2.3 percent and a mammoth 15.3 percent from the 2020 report. 

The report also highlighted that it is not just big business that is targeted by cyber criminals. All businesses no matter their size or market need to fully understand the threat they are facing and where vulnerabilities within their defences lie. 

 

Smaller organisations hit by considerably higher data breach costs 

The report found that in 2023 companies with more than 5,000 employees saw the average cost of a data breach actually decrease compared to last year. There might be a number of factors influencing this decrease, but certainly we have seen large organisations increase their spend on cyber defences over the past few months. 

However, smaller organisations, who might have paused or not increased spending on cyber defences in light of the uncertain economy have been hit by considerably higher data breach costs compared to 2022. Organisations with fewer than 500 employees saw average impact of a data breach increase from $2.92 million to $3.31 million or 13.4 percent. 

Those with 500-1000 employees saw an increase of 21.4 percent, from $2.71 million to $3.29 million and those in the 1001-5000 employee range saw the average cost of a data breach increase from $4.06 million to $4.87 million, a rise of nearly 20 percent. 

Still, too often, small businesses presume that they are not targeted by cyber criminals and that it is only enterprise level organisations under threat of being hacked. As the report confirms, this is not the case. All businesses, no matter their size or market have data that is potentially hugely valuable to cyber criminals and so by ignoring the threat, smaller businesses are putting themselves at risk. 

The cost of a data breach for the smallest companies, of on average, $3.31 million is huge and is more than enough to put them out of business. Therefore, instead of ‘saving’ money by not investing in cyber defences, all companies need to address the increasing threat from cyber criminals and ensure that their defences are able to keep them out and keep data safe.  

The cost of a breach inevitably trickles down to the consumer too. The report found that most organisations continue to increase the price of services and goods as a result of a data breach. 57 percent of respondents indicated that data breaches led directly to an increase in business offerings, passing on the cost to consumers. 

 

Phishing and stolen or compromised credentials responsible for majority of attacks 

The report also found that phishing and stolen or compromised credentials were the two most common initial attack vectors (the way for the attacker to enter a network or system). We have seen cyber criminals use increasingly sophisticated phishing attacks to target employees, which are often considered the ‘weakest link’ in the security defences of a company. This is reflected in the report with phishing attacks responsible for 16 percent of breaches and stolen or compromised credentials responsible for 15 percent. 

These were followed by cloud misconfiguration at 11 percent, followed by business email compromised at 9 percent. 

Companies, therefore, have to ensure that the weakest link in their security defences is strengthened considerably. The nature of the most recent phishing attacks means that employees have very little chance of being to filter out legitimate messages and malicious emails and need help in doing so.  

Encouragingly, the report suggests that businesses are doing exactly this. 

 

Majority of companies planning to increase security investments 

51 percent of businesses were planning to increase security investments because of a data breach. At a time where budgets are already stretched this is a really encouraging sign that companies are taking the threat, and consequences, of a cyber attack seriously. 

It is further encouraging where businesses are looking to spend the increased investment. The report found that incident response (IR) planning and testing, threat detection and response technologies were investment priorities, as was employee training. 

The latter is particularly significant given that phishing attacks are the most common way cyber criminals gain access to systems or network. Careful education of employees on what the threat looks like and how to deal with suspicious communication will be key in strengthening this ‘weakest’ element of cyber defence. There has to be a balance though. Too many messages can cause ‘security fatigue’ where employees, inundated with warnings, end up taking little notice of any of the messages, allowing malicious approaches to get through. Targeted, timely, education is the key.  

 

AI and automation save time and money 

The use of AI and automation solutions have had, according to the report, a real impact for businesses who use such solutions extensively within their defences. On average those companies with such solutions in place were able to identify and contain a breach 108-days shorter than those without. These companies also reported a $1.76 million lower data breach cost compared to organisations that didn’t have such capabilities.  

The time to identify the fact that a company has been breached is particularly significant. The recent hack of the elections watchdog highlights this. Not only were the details of tens of millions of voters potentially compromised it appears that the cyber criminals may have been in the system of the watchdog for some time, before being discovered. 

According to reports the attack was identified in October 2022, but the hackers had first been able to gain access to the commission’s systems in August 2021. This is a large amount of time for a cyber criminal to have, essentially, free reign, over systems and data. It gives them the time to understand where the most valuable data is stored and cause untold amounts of subtle damage all whilst the organisations is blissfully unaware of their presence. 

The use of AI and automation solutions, as highlighted in IBM’s Cost of a Data Breach report, has shown a significant reduction in the amount of time to discover a breach. Getting cyber criminals out of a system quickly reduces damage and potential cost. Therefore, any upfront investment in such technology can quickly show ROI. 

Whilst the report’s headlines will be focused on the ever-increasing cost of a data breach for most companies, there are, as has been discussed, a number of real positives. It seems that companies are recognising the real threat of cyber crime on their business and are willing to spend budget in order to close vulnerabilities and keep the criminal out. Ignoring the threat and ‘saving’ money by not investing in cyber defences is no longer an option.  

Cyber criminals are not going away and are only going to be increasing the number and level of sophistication of their attacks. Businesses must address the weak points of their defences, whether that be employees or vulnerabilities within their existing cyber solutions, or be prepared to pay a huge cost and possible loss of their business if they are hacked. 

Categories: Innovation, News


You Might Also Like
Read Full PostRead - Eye Icon
Gattai Minoli Agostinelli, White & Case And Facchini Rossi Advise Cvc On The Acquisition Of Recordat
M&A
13/07/2018Gattai Minoli Agostinelli, White & Case And Facchini Rossi Advise Cvc On The Acquisition Of Recordat

The law firms Gattai Minoli Agostinelli & Partners, White & Case LLP and Facchini Rossi & Soci have advised funds managed by CVC Capital Partners in relation to the acquisition of a controlling stake in Recordati from the Recordati family.

Read Full PostRead - Eye Icon
New 3D Approach to Engaging Research
Innovation
12/11/2015New 3D Approach to Engaging Research

A new research tool, Voxter, has been launched in London as an innovative, 3D communication solution for meaningful research.

Read Full PostRead - Eye Icon
Global Headwinds Fail to Stifle Dubai Property Boom
Finance
31/07/2023Global Headwinds Fail to Stifle Dubai Property Boom

The UAE’s real estate market has outpaced both advanced and emerging economies over the past two years, according to the Bank for International Settlements. As central banks around the world tighten monetary policy, Dubai is setting itself apart. The emi

Read Full PostRead - Eye Icon
Should Your Company be Issuing 1099 Forms to Independent Contractors?
News
27/06/2022Should Your Company be Issuing 1099 Forms to Independent Contractors?

As soon as your small business starts outsourcing its tasks to independent contractors is the moment you need to consider tax compliance. Independent contractors aren’t supposed to use the same tax forms as employees, but they may not always need certain for

Read Full PostRead - Eye Icon
Merger Between Greenbrier Europe and Astra Rail
Finance
14/10/2016Merger Between Greenbrier Europe and Astra Rail

The Greenbrier Companies, Inc. and Astra Rail Management GmbH today announced plans to form a new company, Greenbrier-Astra Rail, that will create an end-to-end, Europe-based freight railcar manufacturing, engineering and repair business.

Read Full PostRead - Eye Icon
Indian Ingenuity in Educational Excellence
Innovation
04/02/2020Indian Ingenuity in Educational Excellence

For many students, learning and achieving academic success requires more than simply studying books. Feeling invested in and connected with can help students go above and beyond their limitations in striving for better careers. EduconIndia is helping students

Read Full PostRead - Eye Icon
Why Are AI Recruitment Start-ups Winning Millions in Investment?
News
23/02/2022Why Are AI Recruitment Start-ups Winning Millions in Investment?

AI-driven recruitment startups have secured around $300 million in funding in the last two months, suggesting a significant shift in the recruitment process is imminent, and that investors see this shift as a profitable and growing sector.

Read Full PostRead - Eye Icon
D&G Dobos Gerlai Advise Maltacourt During Acquisition of Mili-Cargo
Finance
02/06/2015D&G Dobos Gerlai Advise Maltacourt During Acquisition of Mili-Cargo

D&G Dobos Gerlai Advise Maltacourt During Acquisition of Mili-Cargo

Read Full PostRead - Eye Icon
Most Innovative Accountancy Firms of 2016
Finance
02/06/2016Most Innovative Accountancy Firms of 2016

Lewis Ballard Limited is a firm of accountants based in Cardiff, providing consultancy and advisory services to SMEs throughout the UK. As a company of 24 people we offer a holistic approach to our clients, including business development advice, business coach



Our Trusted Brands

Acquisition International is a flagship brand of AI Global Media. AI Global Media is a B2B enterprise and are committed to creating engaging content allowing businesses to market their services to a larger global audience. We have a number of unique brands, each of which serves a specific industry or region. Each brand covers the latest news in its sector and publishes a digital magazine and newsletter which is read by a global audience.

Arrow