7 Key Takeaways From IBM's Cost of a Data Breach Report 2024

Let's look at some of the most important insights and lessons from this year's report and how companies can transform them into strategies.

Takeaway 1: Data breach costs hit new highs with a 10% spike

Notable stats:The global average cost of a data breach surged to $4.88 million in 2024, reflecting a 10% increase from 2023‌-the largest annual spike since the pandemic. The main factors contributing to this increase are the costs associated with business disruption, lost customers, and post-breach responses, such as regulatory fines and customer remediation efforts.

Other findings:

• The United States had the highest average breach cost at $9.8 million
• Healthcare remains the costliest industry for breaches at $9.8 million per breach
• Mega breaches (those involving 1 to 10 million records) represent only a small fraction of incidents but were nearly nine times more expensive than the average breach, starting at around $42 million per breach
• Noncompliance with regulations - 22.7% increase in the share of organizations paying fines of more than $50,000
• Law enforcement involvement lowered breach costs by 20%

Fig. Global average cost of a data breach, IBM Cost of a Data Breach Report 2024

These figures demonstrate the rise of cyber assaults and the progressive complexity of the daily dangers that organizations encounter. Bad actors are using various advanced methods to breach defenses and carry out their attacks.

Key lesson: Know and protect your data landscape

Data breaches significantly impact businesses, rather than just causing small disruptions. They lead to substantial financial losses, reputation damage, and the erosion of customer confidence. It's then vital to enhance data security measures and assess potential data risks to prevent attackers from breaking in.

How Zscaler helps

Zscaler Data Security Posture Management (DSPM) can identify and protect sensitive data to mitigate the risk of data exposure, breach, and regulatory non-compliance. With Zscaler, organizations can improve visibility, conduct regular risk assessments, prioritize risk remediation, ensure compliance, and reduce data breach risk.

Takeaway 2: Exploding cloud data is a prime target

Notable stats:About 40% of all breaches involved data distributed across multiple environments. Data breaches solely involving public cloudswere the most expensive type of data breach, costing $5.17 million on average, a 13.1% increasefrom last year.

Key lesson: Strengthen risk assessment and remedy

Multicloud environments and cloud native architectures have created both complexity and a data explosion that's becoming increasingly difficult for security professionals to manage, making organizations vulnerable to breaches. Teams struggle to understand which data is in the cloud, where it's located, and who's using it.

Fig: Cost of data breach by storage location, IBM Cost of a Data Breach Report 2024

Moreover, cloud services and configurations change frequently, which can lead to data exposure. It's crucial to actively monitor, assess, and fix risks associated with new and changing data services before bad actors can exploit them.

Fig: Cost of data breach by storage location, IBM Cost of a Data Breach Report 2024

How Zscaler helps

DSPM seamlessly covers a variety of cloud environments and reads from various databases, data pipelines, object storage, and much more. What's more, it's managed and self-hosted to provide a single, consistent view of data across clouds, geographies, and organizational boundaries. This single view helps security teams to evaluate the risk of sensitive data across multicloud environments rather than individually.

Takeaway 3: Shadow data increases the risk and potential cost of breaches

Notable stats: As per the report, 35% of data breaches involved shadow data, and breaches involving shadow data led to a 16% higher coston average. Moreover, breaches involving shadow data took 26.2% longer to identify and 20.2% longer to contain. These resulted in data breaches lasting longer than the normal average life cycle of 291 days, 24.7% longer than data breaches without shadow data.

Fig: Cost of data breach including shadow data, IBM Cost of a Data Breach Report 2024

Key lesson: Monitor and protect shadow data

Managing data security across environments becomes further complicated by the impact of unmanaged or shadow data. Shadow data can cause large financial losses to a business if breached, and must be tightly secured as such. This data is often invisible to security teams, making it difficult to track, classify, and secure.

How Zscaler helps

Zscaler DSPM scans cloud data repositories to discover structured and unstructured data stores to give a clear view of the data landscape, inventory, and security posture. Security teams can easily track, classify, and secure shadow data while reducing the risk of breaches.

Takeaway 4: Common attack vectors cause substantial damage

Notable stats: Credential-based attackswere the most common attack vector, accounting for 16%of all breaches. On top of that, they took the largest amount of time to identify and contain-an average of 292 days, approximately 10 months-resulting in some of the highest breach costs.

Phishingwas the second-most costlycommon attack vector, at $4.76m on average, which led to 15% of breaches. Other common vectors included cloud misconfigurations, email compromises, and vulnerabilitiesthat led to 15%, 9%, and 5% breaches.

Fig: Average response time to identify and contain breaches caused by common attack vectors, IBM Cost of a Data Breach Report 2024

Key lesson: Focus on consistent security across environments

Organizations need a robust data security strategy that can decode weak signals to uncover hidden risks and threats, analyze attack patterns, and help security teams with swift incident response to secure data.

How Zscaler helps

Integrating DSPM solutions with cloud environments allows security teams to monitor data flows-including tracking data, access, actions, and data transfer. Organizations can leverage artificial intelligence (AI), advanced threat correlation, analytics, and machine learning (ML) to identify patterns that indicate potential security risks, such as unauthorized access, abnormal data transfers, or attempts to exfiltrate sensitive data.

Moreover, encompassing a single DLP engine for your entire data protection solution lets organizations create a policy once and apply it everywhere in their environments.

Takeaway 5: Critical infrastructure organizations under pressure to secure crown jewels

Notable stats: For the 14th year in a row, the healthcare sector saw the costliest breaches across industries with average breach costs reaching $9.77 million. While the report highlighted a 10.6% decrease from 2023, healthcare remained a prime target for cybercriminals, followed by financial services, industrial, technology, and energy organizations. Organizations in these industries also reported the largest fines for regulatory violations such as GDPR violations.

Fig: Cost of data breach by industry, IBM Cost of a Data Breach Report 2024

Key lesson: Modernize and simplify security stack

Organizations in these industries generate and hold a vast amount of personal and sensitive information, with data often data scattered with default access. It's loosely exchanged with third-party partners, such as agencies, research firms, and service providers, which creates opportunities for data breaches and insider threats, underscoring the need for stringent data protection protocols.

Most organizations opt for a siloed security approach with multiple security products that exacerbates the complexity of security challenges. As such, it's crucial for organizations to modernize their security stack to better protect data and reduce breach costs.

How Zscaler helps

With Zscaler's comprehensive data protection platform, organizations can secure their structured and unstructured data across all channels, including web, SaaS, public clouds (AWS, Azure, GCP), private apps, email, and endpoints.

Takeaway 6: AI and automation reduce breach costs

Notable stats: 53% of organizations that experienced a data breach in 2024 reported significant shortages in their security staff. This shortage is directly linked to higher costs associated with data breaches, as organizations with severe staffing shortages had to pay an extra $1.76 millionfor breach-related expenses.

In the face of this growing challenge, there's been a marked shift towards AI and automation tools within security operations. The report highlights the fact that AI and automation can alleviate some of the workload and optimize security. According to the report, organizations that deployed security, AI, and automation extensively across their operations saved an average of $2.2 millioncompared to those that did not.

Fig: Cost of a data breach by AI and automation usage level; IBM Cost of a Data Breach Report 2024

Key lesson: Implement advanced AI and automation for data security

For organizations seeking to mitigate the risk of a data breach, investing in security automation is no longer optional-it's essential. Due to a shortage of skilled manpower, companies have had to manually enforce security processes and data security policies, which can prove to be error-prone and inefficient, particularly in complex cloud environments.

Moreover, human error can introduce risks such as misconfigured access control or overlooked data transfers. AI and automation can enable security teams to act faster, reducing the time to identify and contain breaches, which in turn lowers breach costs overall.

How Zscaler helps

Organizations can leverage AI-powered DSPM to understand data context, making discovery and classification affordable at scale, and empowering cross-functional teams to be part of the solution. Moreover, DSPM can enforce automated, consistent security policies, like encryption, access control, data retention, and deletion, across various environments, ensuring uniformity and reducing non-compliance risk. By automating security policies, organizations can streamline processes to ensure that data is secured according to established rules and regulatory requirements.

Takeaway 7: Slow response increases risk and cost

Notable stats:The average time to identify and contain a data breach dropped to 258 days, reaching a 7-year low, compared to 277 days the previous year. Roughly one-third of organizations took more than three-quarters for a complete recovery.

Fig: Time to identify and contain a data breach, IBM Cost of a Data Breach Report 2024

Key lesson: Enhance breach detection and incident response plans

This is a significant amount of time to detect and contain breaches, and it highlights the importance of having a strong plan in place to detect and contain data breaches as quickly as possible.

Fig: Time to identify and contain a data breach, IBM Cost of a Data Breach Report 2024

How Zscaler helps

Zscaler DSPM leverages AI, ML, and advanced threat correlation capabilities to aggregate and effortlessly transform security data into meaningful insights to uncover hidden risks or attack vectors that could lead to a compromise or breach. This can be backed by near-real-time alerts and notification with remediation guidance that enables security teams to focus on what matters most.

Public link

Please use the above public link if you want to share this noodl on another website.