Cost of a Data Breach Report 2023
IBM Security

Table of contents

01 Executive summary
   What's new in the 2023 report
   Key findings
02 Complete findings
   Global highlights
   Initial attack vectors
   Identifying attacks
   Data breach lifecycle
   Key cost factors
   Ransomware and destructive attacks
   Business partner supply chain attacks
   Software supply chain attacks
   Regulatory environments
   Cloud breaches
   Mega breaches
   Security investments
   Security AI and automation
   Incident response
   Threat intelligence
   Vulnerability and risk management
   Attack surface management
   Managed security service providers (MSSPs)
03 Recommendations to help reduce the cost of a data breach
04 Organization demographics
   Geographic demographics
   Industry demographics
   Industry definitions
05 Research methodology
   How we calculate the cost of a data breach
   Data breach FAQs
   Research limitations
06 About Ponemon Institute and IBM Security
   Take the next steps

01 Executive summary

The Cost of a Data Breach Report equips IT, risk management and security leaders with quantifiable evidence to help them better manage their security investments, risk profile and strategic decision-making processes. The 2023 edition represents this report's 18th consecutive year. This year's research, conducted independently by Ponemon Institute and sponsored, analyzed and published by IBM Security, studied 553 organizations impacted by data breaches that occurred between March 2022 and March 2023. The years mentioned in this report refer to the year the report
was published, not necessarily the year of the breach. The breaches studied took place across 16 countries and regions and in 17 different industries. Throughout this report, we'll examine the root causes and both short-term and long-term consequences of data breaches. We'll also explore the factors and technologies that enabled companies to limit losses, as well as those that led to increased costs.

What's new in the 2023 report

Each year, we continue to evolve the Cost of a Data Breach Report to match new technologies, emerging tactics and recent events. For the first time, this year's research explores:

- How breaches are identified: whether by an organization's own security teams, another third party or the attacker
- The impact of involving law enforcement in a ransomware attack
- The effect of ransomware playbooks and workflows
- Specific costs associated with regulatory fines
- If and how companies plan to increase security investment as a result of a breach
- The impact of the following mitigation strategies: threat intelligence; vulnerability and risk management; attack surface management (ASM); managed security service providers (MSSPs)

As the cost of a breach continues to increase, this report delivers essential insights to help security and IT teams better manage risk and limit potential losses. The report is divided into five major sections:

1. The executive summary with key findings and what's new in the 2023 edition
2. In-depth analysis on the complete findings, including breach costs by geographic region and industry
3. Security recommendations from IBM Security experts based on this report's results
4. Demographics of organizations and industry definitions
5. The study's methodology, including how costs were calculated

The key findings described here are based on IBM Security analysis of research data compiled by Ponemon Institute. Cost amounts in this report are measured in US dollars (USD).

Key findings

USD 4.45M: Average total cost of a breach
The average cost of a data breach reached an all-time high in 2023 of USD 4.45 million. This represents
a 2.3% increase from the 2022 cost of USD 4.35 million. Taking a long-term view, the average cost has increased 15.3% from USD 3.86 million in the 2020 report.

51%: Percentage of organizations planning to increase security investments as a result of a breach
While data breach costs continued to rise, report participants were almost equally split on whether they plan to increase security investments because of a data breach. The top areas identified for additional investments included incident response (IR) planning and testing, employee training, and threat detection and response technologies.

USD 1.76M: The effect of extensive security AI and automation on the financial impact of a breach
Security AI and automation were shown to be important investments for reducing costs and minimizing time to identify and contain breaches. Organizations that used these capabilities extensively within their approach experienced, on average, a 108-day shorter time to identify and contain the breach. They also reported USD 1.76 million lower data breach costs compared to organizations that didn't use security AI and automation capabilities.

1 in 3: Number of breaches identified by an organization's own security teams or tools
Only one-third of companies discovered the data breach through their own security teams, highlighting a need for better threat detection. 67% of breaches were reported by a benign third party or by the attackers themselves. When attackers disclosed a breach, it cost organizations nearly USD 1 million more compared to internal detection.

82%: The percentage of breaches that involved data stored in the cloud (public, private or multiple environments)
Cloud environments were frequent targets for cyberattackers in 2023. Attackers often gained access to multiple environments, with 39% of breaches spanning multiple environments and incurring a higher-than-average cost of USD 4.75 million.

53.3%: Since 2020, healthcare data breach costs have increased 53.3%
The highly regulated healthcare industry has seen a considerable rise in data breach costs since 2020. For the 13th year in a row, the healthcare industry reported the most expensive data breaches, at an average cost of USD 10.93 million.

USD 470,000: Additional cost experienced by organizations that didn't involve law enforcement in a ransomware attack
This year's research shows that excluding law enforcement from ransomware incidents led to higher costs. While 63% of respondents said they involved law enforcement, the 37% that didn't also paid 9.6% more and experienced a 33-day longer breach lifecycle.

USD 1.02M: Average cost difference between breaches that took more than 200 days to find and resolve, and those that took less than 200 days
Time to identify and contain breaches, known as the breach lifecycle, continues to be integral to the overall financial impact. Breaches with identification and containment times under 200 days cost organizations USD 3.93 million. Those over 200 days cost USD 4.95 million, a difference of 23%.

USD 1.44M: Increase in data breach costs for organizations that had high levels of security system complexity
Organizations that reported low or no security system complexity experienced an average data breach cost of USD 3.84 million in 2023. Those with high levels of security system complexity reported an average cost of USD 5.28 million, representing an increase of 31.6%.

USD 1.68M: Cost savings from high levels of DevSecOps adoption
Integrated security testing in the software development process (DevSecOps) showed sizable ROI in 2023. Organizations with high DevSecOps adoption saved USD 1.68 million compared to those with low or no adoption. Compared to other cost-mitigating factors, DevSecOps demonstrated the largest cost savings.

USD 1.49M: Cost savings achieved by organizations with high levels of IR planning and testing
In addition to being
a priority investment for organizations, IR planning and testing emerged as a highly effective tactic for containing the cost of a data breach. Organizations with high levels of IR planning and testing saved USD 1.49 million compared to those with low levels.

02 Complete findings

In this section, we provide the detailed findings of this report across 18 themes. Topics are presented in the following order: Global highlights; Initial attack vectors; Identifying attacks; Data breach lifecycle; Key cost factors; Ransomware and destructive attacks; Business partner supply chain attacks; Software supply chain attacks; Regulatory environments; Cloud breaches; Mega breaches; Security investments; Security AI and automation; Incident response; Threat intelligence; Vulnerability and risk management; Attack surface management; Managed security service providers.

Global highlights

The Cost of a Data Breach Report provides a global picture of the cost of data breaches, built using data from over 553 breaches in 16 different countries and taking into account hundreds of cost factors. This section examines critical metrics at the level of global average. We also explore the average per-record comparative costs between countries and industries.

USD 4.45M: Global average total cost of a data breach

Figure 1. The cost of a data breach climbed to a new high. Globally, the average cost of a data breach rose to USD 4.45 million, a USD 100,000 increase from 2022. This represents a 2.3% increase from the 2022 average cost of USD 4.35 million. Since 2020, when the average total cost of a data breach was USD 3.86 million, the average total cost has increased 15.3%.

Figure 2. Per-record cost of a data breach also reached a new high. In 2023, the average cost per record involved
in a data breach was USD 165, a small increase from the 2022 average of USD 164. This matches the relatively small growth from 2021 to 2022, where the cost rose by just USD 3. In the last seven years, the largest increase in average per-record costs was between 2020 and 2021, when the average rose from USD 146 to USD 161 or 10.3%. This study examined breaches sized between 2,200 and 102,000 records.

Total cost of a data breach. Figure 1. Measured in USD millions: 2017 3.62; 2018 3.86; 2019 3.92; 2020 3.86; 2021 4.24; 2022 4.35; 2023 4.45.

Per-record cost of a data breach. Figure 2. Measured in USD: 2017 141; 2018 148; 2019 150; 2020 146; 2021 161; 2022 164; 2023 165.

Of this year's top five, Japan is the only country that didn't appear on the 2022 top five list, moving up from the number 6 most expensive spot last year. The top 5 list last year also included the United Kingdom (UK) at an average data breach cost of USD 5.05 million. This year, the UK saw a significant drop in average cost at USD 4.21 million, down 16.6% from last year, resulting in placement just outside of the top five. The United States again had the highest average total cost of a data breach at USD 9.48 million, an increase of 0.4% from last year's USD 9.44 million. Like last year, the Middle East had the second-highest average total cost of a data breach at USD 8.07 million, up 8.2% from USD 7.46 million.

Figure 3. For the 13th consecutive year, the United States held the title for the highest data breach costs. The top five countries or regions with the highest average cost of a data breach saw considerable changes from 2022.

Top five, 2023 versus 2022:
1. United States USD 9.48 million (2022: United States USD 9.44 million)
2. Middle East USD 8.07 million (2022: Middle East USD 7.46 million)
3. Canada USD 5.13 million (2022: Canada USD 5.64 million)
4. Germany USD 4.67 million (2022: United Kingdom USD 5.05 million)
5. Japan USD 4.52 million (2022: Germany USD 4.85 million)

In Canada, the average total cost of a data breach decreased from USD 5.64 million to USD 5.13 million or 9%. The average cost also decreased in Germany, dropping from USD 4.85 million to USD 4.67 million or 3.7%. Japan saw the average drop slightly, from USD 4.57 million to USD 4.52 million or 1.1%.

Cost of a data breach by country or region. Figure 3. Measured in USD millions (2022 / 2023):
#1 United States 9.44 / 9.48
#2 Middle East 7.46 / 8.07
#3 Canada 5.64 / 5.13
#4 Germany 4.85 / 4.67
#5 Japan 4.57 / 4.52
#6 United Kingdom 5.05 / 4.21
#7 France 4.34 / 4.08
#8 Italy 3.74 / 3.86
#9 Latin America 2.80 / 3.69
#10 South Korea 3.57 / 3.48
#11 ASEAN 2.87 / 3.05
#12 South Africa 3.36 / 2.79
#13 Australia 2.92 / 2.70
#14 India 2.32 / 2.18
#15 Scandinavia 2.08 / 1.91
#16 Brazil 1.38 / 1.22

Figure 4. Across industries, healthcare reported the highest costs for the 13th year in a row. Healthcare continues to experience the highest data breach
costs of all industries, increasing from USD 10.10 million in 2022 to USD 10.93 million in 2023, an increase of 8.2%. Over the past three years, the average cost of a data breach in healthcare has grown 53.3%, increasing more than USD 3 million compared to the average cost of USD 7.13 million in 2020. Healthcare faces high levels of industry regulation and is considered critical infrastructure by the US government. Since the start of the COVID-19 pandemic, the industry has seen notably higher average data breach costs. The top five most costly industries underwent some changes from last year's rankings. Technology dropped out of the top five while the industrial sector was added, showing a 5.8% increase as it moved from the seventh-highest to the fifth. According to IBM threat intelligence, manufacturing is the industry most commonly targeted by cybercriminals.

Top five, 2023 versus 2022:
1. Healthcare USD 10.93 million (2022: Healthcare USD 10.10 million)
2. Financial USD 5.90 million (2022: Financial USD 5.97 million)
3. Pharmaceuticals USD 4.82 million (2022: Pharmaceuticals USD 5.01 million)
4. Energy USD 4.78 million (2022: Technology USD 4.97 million)
5. Industrial USD 4.73 million (2022: Energy USD 4.72 million)

Cost of a data breach by industry. Figure 4. Measured in USD millions (2022 / 2023):
Public sector 2.07 / 2.60
Retail 3.28 / 2.96
Hospitality 2.94 / 3.36
Media 3.15 / 3.58
Entertainment 3.83 / 3.62
Research 3.88 / 3.63
Education 3.86 / 3.65
Consumer 3.86 / 3.80
Communications 3.62 / 3.90
Transportation 3.59 / 4.18
Professional services 4.70 / 4.47
Technology 4.97 / 4.66
Industrial 4.47 / 4.73
Energy 4.72 / 4.78
Pharmaceuticals 5.01 / 4.82
Financial 5.97 / 5.90
Healthcare 10.10 / 10.93

Time to identify and contain the breach. Figure 5. Measured in days; combined MTTI and MTTC over the seven years shown: 257, 266, 279, 280, 287, 277 and 277.
Figure 5. Mean times to identify and contain breaches stayed roughly the same. Compared to 2022, both the mean time to identify (MTTI) and the mean time to contain (MTTC) breaches saw only marginal changes. Mean time to identify refers to the time it takes an organization to uncover a security breach. Mean time to contain refers to the time required to resolve a security breach once it has been identified. In 2022, it took organizations 207 days to identify a breach. In 2023, it took only 204 days. On the other hand, organizations required an average of 73 days to contain breaches in 2023, while they required just 70 days on average in 2022. The highest mean times to contain and identify breaches both occurred in 2021, at 212 and 75 days, respectively.

Figure 6. Lost business costs hit a five-year low. Last year's report saw detection and escalation costs rise to become the costliest category of data breach expenses, indicating a shift toward longer and more-complex breach investigations. The trend continued this year as detection and escalation costs remained in the top spot and rose from USD 1.44 million to USD 1.58 million, demonstrating a change of USD 140,000 or 9.7%. Detection and escalation costs include activities that enable a company to reasonably detect a breach and can include forensic and investigative activities, assessment and audit services, crisis management, and communications to executives and boards. The other key cost segments of a data breach (lost business cost, post-breach response and notification) also saw changes compared to 2022. Lost business costs dropped 8.5%, from USD 1.42 million in 2022 to USD 1.30 million in 2023. Lost business costs include activities such as business disruptions and revenue losses from system downtime, the cost of lost customers and acquiring new customers, and reputation losses and diminished goodwill. Notably, the notification cost segment rose from USD 310,000 in
2022 to USD 370,000 in 2023, which represents a 19.4% increase. Post-breach response costs rose by just USD 20,000. Notification costs include activities that enable the company to notify data subjects, data protection regulators and other third parties.

Cost of a data breach divided into four cost segments. Figure 6. Measured in USD millions (2018 / 2019 / 2020 / 2021 / 2022 / 2023):
Lost business cost 1.45 / 1.42 / 1.52 / 1.59 / 1.42 / 1.30
Detection and escalation 1.23 / 1.22 / 1.11 / 1.24 / 1.44 / 1.58
Post-breach response 1.02 / 1.07 / 0.99 / 1.14 / 1.18 / 1.20
Notification 0.16 / 0.21 / 0.24 / 0.27 / 0.31 / 0.37

Figure 7. Smaller organizations faced considerably higher data breach costs than last year. In 2023, organizations with more than 5,000 employees saw the average cost of a data breach decrease compared to 2022. On the other hand, those with 5,000 or fewer employees saw considerable increases in the average cost of a data breach. Organizations with fewer than 500 employees reported that the average impact of a data breach increased from USD 2.92 million to USD 3.31 million or 13.4%. Those with 500 to 1,000 employees saw an increase of 21.4%, from USD 2.71 million to USD 3.29 million. In the 1,001 to 5,000 employee range, the average cost of a data breach increased from USD 4.06 million to USD 4.87 million, rising nearly 20%. In the 10,001 to 25,000 range, respondents reported an average cost of USD 5.46 million, a decrease of 1.8% from 2022's figure of USD 5.56 million. Organizations with more than 25,000 employees saw the average cost drop from USD
5.56 million in 2022 to USD 5.42 million in 2023, a decrease of USD 140,000 or 2.5%.

Cost of a data breach by head count. Figure 7. Measured in USD millions (2021 / 2022 / 2023):
Fewer than 500 employees 2.95 / 2.92 / 3.31
500 to 1,000 employees 2.61 / 2.71 / 3.29
1,001 to 5,000 employees 4.05 / 4.06 / 4.87
5,001 to 10,000 employees 5.10 / 5.18 / 4.33
10,001 to 25,000 employees 5.47 / 5.56 / 5.46
More than 25,000 employees 5.28 / 5.69 / 5.42

Figure 8. Most organizations continue to increase the prices of services and products as a result of a data breach. The majority (57%) of respondents indicated that data breaches led to an increase in the pricing of their business offerings, passing on costs to consumers. This finding is similar to our 2022 report, where 60% of respondents said they increased prices.

Did the data breach result in your organization increasing the cost of services and products? Figure 8. Share of total sample of breached organizations: Yes 57%; No 43%.

Figures 9a and 9b. Customer PII was the costliest and most common record compromised. Of all record types, customer and employee personal identifiable information (PII) was the costliest to have compromised. In 2023, customer PII such as names and Social Security numbers cost organizations USD 183 per record, with employee PII close behind at USD 181 per record. The least expensive record type to have compromised is anonymized customer data, which cost organizations USD 138 per record in 2023. As was the case in 2022 and 2021, customer PII was the most commonly breached record type in 2023. 52% of all breaches involved some form of customer PII. This is an increase of five percentage points from 2022, when customer PII accounted for 47% of all data compromised. The second-most commonly compromised data type was employee PII at 40%. Compromised employee PII has seen sizable growth from 2021, when it only accounted for 26% of all records compromised. Compromised intellectual property grew three percentage points since 2022, while anonymized (non-PII) data dropped seven percentage points from 2022, decreasing from 33% to 26%. Other corporate data, such as financial information and client lists, increased from 15% of data compromised in 2022 to 21% in 2023.

Type of data compromised. Figure 9a. More than one response permitted (2021 / 2022 / 2023):
Customer PII 44% / 47% / 52%
Employee PII 26% / 34% / 40%
Intellectual property 27% / 31% / 34%
Anonymized customer data (non-PII) 28% / 33% / 26%
Other corporate data 12% / 15% / 21%

Per-record cost of a data breach by type of record compromised. Figure 9b. Measured in USD: Customer PII 183; Employee PII 181; Other corporate data 168; Intellectual property 156; Anonymized customer data (non-PII) 138.
Initial attack vectors

USD 4.90M: Average cost of a data breach with a malicious insider initial attack vector
16%: Percentage of breaches in which phishing was the initial attack vector

This section examines the initial attack vector identified for data breaches in the study and its impact on the breach cost and timeline. It identifies the most common root causes for data breaches in the report and compares the average cost of breaches for each category as well as the average time to identify and contain those breaches. Phishing and stolen or compromised credentials were the two most prevalent attack vectors in this year's report, and both also ranked among the top four costliest incident types.

Figure 10. Phishing and stolen or compromised credentials were the two most common initial attack vectors. Phishing and stolen or compromised credentials were responsible for 16% and 15% of breaches, respectively, with phishing moving into the lead spot by a small margin over stolen credentials, which was the most common vector in the 2022 report. Cloud misconfiguration was identified as the initial vector for 11% of attacks, followed by business email compromise at 9%. This year, for the first time, the report examined both zero-day (unknown) vulnerabilities as well as known, unpatched vulnerabilities as the source of the data breach and found that more than 5% of the breaches studied originated from known vulnerabilities that had yet to be patched. Although relatively rare at 6% of occurrences, attacks initiated by malicious insiders were the costliest, at an average of USD 4.90 million, which is 9.6% higher than the global average cost of USD 4.45 million per data breach. Phishing was the most prevalent attack vector and the second most expensive at USD 4.76 million. Breaches attributed to system error were the least costly, at an average of USD 3.96 million, and the least common, at 5% of occurrences.

Cost and frequency of a data breach by initial attack vector. Figure 10. Measured in USD millions: Malicious insider 4.90; Phishing 4.76; Business email compromise 4.67; Stolen or compromised credentials 4.62; Social engineering 4.55; Accidental data loss or lost or stolen device 4.46; Unknown (zero-day) vulnerability 4.45; Known unpatched vulnerability 4.17; Physical security compromise 4.10; Cloud misconfiguration 4.00; System error 3.96.

Time to identify and contain a data breach by initial attack vector. Figure 11. Measured in days (MTTI + MTTC = total):
Stolen or compromised credentials 240 + 88 = 328
Malicious insider 228 + 80 = 308
Social engineering 218 + 80 = 298
Phishing 217 + 76 = 293
Accidental data loss or lost or stolen device 205 + 78 = 283
Unknown (zero-day) vulnerability 195 + 77 = 272
Physical security compromise 198 + 69 = 267
Business email compromise 194 + 72 = 266
Cloud misconfiguration 190 + 68 = 258
Known unpatched vulnerability 183 + 70 = 253
System error 180 + 56 = 236

Figure 11. Breaches that initiated with stolen or compromised credentials and malicious insiders took the longest to resolve. This year, it took nearly 11 months (328 days) to identify and contain data breaches resulting from stolen or compromised credentials, on average, and about 10 months (308 days) to resolve breaches that were initiated by a malicious insider. Those two vectors, along with phishing and business
email compromise, were also responsible for the costliest breaches. As a point of comparison, the overall mean time to identify and contain a data breach was 277 days or just over nine months. That figure has remained relatively constant over the past few years of the report.

Identifying attacks

33%: Only one-third of breaches were identified by the organization's internal security teams and tools

This section looks at how breaches were identified and the differences in cost and containment time based on the identification method, analyses that are reported for the first time this year. There are three categories that define how breaches are identified: by an organization's internal security teams and tools, including managed security service providers (MSSPs); by a benign third party, such as a security researcher or law enforcement; and by disclosure from the attacker, as in the case of ransomware.

Figure 12. Breaches were most commonly identified by a benign third party. 40% of breaches were identified by a benign third party or outsider, whereas 33% of breaches were identified by internal teams and tools. Over one-quarter or 27% of breaches were disclosed by the attacker as part of a ransomware attack.

Figure 13. Data breaches disclosed by the attacker, such as with ransomware, cost significantly more. Attacks disclosed by attackers had an average cost of USD 5.23 million, which was a 19.5% or USD 930,000 difference over the average cost of breaches identified through internal security teams or tools of USD 4.30 million. Additionally, breaches disclosed by attackers cost 16.1% or USD 780,000 more than the USD 4.45 million average cost of a data breach for 2023. Breaches identified by an organization's own security teams and tools were significantly less expensive, costing nearly USD 1 million less than incidents disclosed by the attacker.

How was the breach identified? Figure 12. Only one response permitted: By a benign third party 40%; By the organization's security teams and tools 33%; By disclosure from the attacker 27%.

Cost of a data breach by how the breach was identified. Figure 13. Measured in USD millions: By disclosure from the attacker 5.23; By a benign third party 4.68; By the organization's security teams and tools 4.30.

Figure 14. Data breaches disclosed by the attacker also took the longest time to identify and contain. Respondents required a mean time of 320 days to identify and contain breaches disclosed by the attacker. This time frame was 80 additional days or 28.2% longer compared to breaches identified internally, which took a mean time of 241 days to identify and contain. The mean time to identify and contain a breach disclosed by the attacker took 47 days or 15.9% longer compared to breaches identified by a benign third party.
Time to identify and contain a breach by how the breach was identified. Figure 14. Measured in days (MTTI + MTTC = total): By disclosure from the attacker 233 + 87 = 320; By a benign third party 203 + 70 = 273; By the organization's security teams and tools 182 + 59 = 241.
Data breach lifecycle

The data breach lifecycle is defined as the elapsed time between the initial detection of the breach and its containment. "Time to identify" describes the time, in days, it takes to discover an incident. "Time to contain" refers to the time, in days, it takes for an organization to resolve the situation and restore service after the breach has been detected. These two metrics help determine the effectiveness of an organization's IR and containment processes.

277 days: Time to identify and contain a data breach

Figure 15. A shorter data breach lifecycle continues to be associated with lower data breach costs. A shorter data breach lifecycle of fewer than 200 days was associated with an average cost of USD 3.93 million, while a longer lifecycle of more than 200 days was associated with an average cost of USD 4.95 million. This reflects a 23% difference and a cost savings of USD 1.02 million for the shorter lifecycle. Looking back at previous years, the average cost of a data breach based on the 200-day lifecycle has been relatively consistent, although it changed incrementally. For a data breach lifecycle of fewer than 200 days, the 2023 value of USD 3.93 million grew 5.1% from the previous year's average cost of USD 3.74 million. For a data breach lifecycle of more than 200 days, the 2023 value of USD 4.95 million grew 1.9% from the previous year's average cost of USD 4.86 million. The average cost savings of USD 1.02 million reported in 2023 reflects an 8.9% decrease from 2022's cost savings of USD 1.12 million.

Cost of a data breach based on the breach lifecycle. Figure 15. Measured in USD millions: lifecycle of fewer than 200 days 3.93; lifecycle of more than 200 days 4.95.
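The lifecycle metrics defined in this section, as an added example that is not part of the report: a Python script that derives time to identify, time to contain and the breach lifecycle from per-incident dates, computes MTTI and MTTC across a set of incidents, and compares average cost on either side of the 200-day threshold. The incident records are constructed sample data, not figures from the study. Two assumptions are built in: the lifecycle is taken as time to identify plus time to contain, which matches the report's 277 days (204 + 73), and the "difference" percentage is computed relative to the midpoint of the two values, which reproduces the report's 23% from USD 3.93 million and USD 4.95 million.

```python
from dataclasses import dataclass
from datetime import date
from statistics import mean


@dataclass(frozen=True)
class Incident:
    """One breach record with the three dates the lifecycle metrics need."""
    name: str
    breach_start: date   # first malicious activity, as established by forensics
    detected: date       # when the organization became aware of the breach
    contained: date      # when the breach was resolved and service restored
    cost_usd_m: float    # total breach cost in USD millions


# Constructed sample incidents (hypothetical; not data from the report).
SAMPLE_INCIDENTS = [
    Incident("inc-01", date(2022, 3, 1), date(2022, 6, 29), date(2022, 8, 28), 3.8),
    Incident("inc-02", date(2022, 2, 10), date(2022, 7, 10), date(2022, 8, 19), 3.6),
    Incident("inc-03", date(2022, 1, 5), date(2022, 9, 2), date(2022, 11, 21), 5.1),
    Incident("inc-04", date(2022, 4, 1), date(2023, 2, 1), date(2023, 5, 24), 4.9),
]


def time_to_identify(inc: Incident) -> int:
    """Days from the start of the breach until it was discovered."""
    return (inc.detected - inc.breach_start).days


def time_to_contain(inc: Incident) -> int:
    """Days from discovery until the breach was resolved."""
    return (inc.contained - inc.detected).days


def lifecycle_days(inc: Incident) -> int:
    """Breach lifecycle: time to identify plus time to contain (assumption)."""
    return time_to_identify(inc) + time_to_contain(inc)


def mean_times(incidents):
    """Return (MTTI, MTTC, mean lifecycle) in days across the incidents."""
    mtti = mean(time_to_identify(i) for i in incidents)
    mttc = mean(time_to_contain(i) for i in incidents)
    return mtti, mttc, mtti + mttc


def pct_difference(a: float, b: float) -> float:
    """Percentage difference relative to the midpoint of the two values
    (assumed to be how the report's 'difference' percentages are formed):
    pct_difference(3.93, 4.95) gives the report's 23%."""
    return abs(a - b) / ((a + b) / 2) * 100


def cost_by_lifecycle(incidents, threshold_days: int = 200):
    """Average cost (USD millions) for lifecycles at or below the threshold
    versus above it, with the savings and the percentage difference."""
    short = [i.cost_usd_m for i in incidents if lifecycle_days(i) <= threshold_days]
    long_ = [i.cost_usd_m for i in incidents if lifecycle_days(i) > threshold_days]
    if not short or not long_:
        raise ValueError("need incidents on both sides of the threshold")
    short_avg, long_avg = mean(short), mean(long_)
    return {
        "short_avg": round(short_avg, 2),
        "long_avg": round(long_avg, 2),
        "savings": round(long_avg - short_avg, 2),
        "pct_difference": round(pct_difference(short_avg, long_avg), 1),
    }


if __name__ == "__main__":
    mtti, mttc, total = mean_times(SAMPLE_INCIDENTS)
    print(f"MTTI {mtti:.0f} days, MTTC {mttc:.0f} days, lifecycle {total:.0f} days")
    print(cost_by_lifecycle(SAMPLE_INCIDENTS))
```

The sample is built so that MTTI and MTTC come out at 204 and 73 days; in practice the dates would come from the incident tracker. Keeping the two intervals separate is the point of the metric: a detection improvement shows up in the identify term and a response improvement in the contain term, so the two can be tracked independently.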
Figure 31. Data breach costs for critical infrastructure industries exceed USD 5 million. Critical infrastructure organizations included those in the financial services, industrial, technology, energy, transportation, communication, healthcare, education and public sector industries. These organizations incurred data breach costs that were USD 1.26 million higher than the average cost of USD 3.78 million for organizations in other industries, a difference of 28.6%. This USD 5.04 million value also reflects a 4.6% increase over the 2022 reported average cost of USD 4.82 million for critical infrastructure industries.

Cost of a data breach for critical infrastructure industries versus other industries. Figure 31. Measured in USD millions: critical infrastructure industries 5.04; other industries 3.78.

Figures 32 and 33. Fewer than one-third of organizations incurred fines due to data breaches, and 80% of fines amounted to USD 250,000 or less. Of the organizations studied, 31% incurred fines as a result of a data breach, and only 20% of those fines exceeded USD 250,000. A fine of USD 250,000 represented 5.6% of the average total cost of a data breach in the 2023 report.

Did your organization incur any fines from the data breach? Figure 32. Share of all organizations: Incurred fines 31%; No fines 69%.

Distribution of cost of fines incurred from a data breach. Figure 33. Among those that experienced fines, as measured in USD: Less than $25,000: 15%; $25,000 to $50,000: 19%; $50,001 to $100,000: 25%; $101,001 to $250,000: 21%; More than $250,000: 20%.

Cloud breaches

82%: Share of breaches that involved data stored in cloud environments (public cloud, private cloud or across multiple environments)

The cost and duration of a breach varied depending on where the data was stored. Most commonly, the breaches studied included data that spanned multiple environments, including cloud and on premises, and breaches of this type also contributed to higher costs and longer time to identify and contain a data breach.

Figure 34. Breaches most commonly impacted data stored across multiple environments. The largest percentage of breaches, 39%, involved data stored across multiple environments, followed by 27% of breaches that involved data stored in the public cloud. The number of breaches occurring across multiple environments surpassed the combined 34% of breaches occurring only in private cloud or on-premises environments.

Where was the breached data stored? Figure 34. Share of all breaches: across multiple types of environments 39%; public cloud 27%; private cloud and on premises 34% combined (18% and 16%).

Figure 35. Data breaches in public clouds and multiple environments had higher costs. In the 2023 report, the cost of data breaches across multiple environments reached USD 4.75 million, the highest cost of the environments analyzed, and 17.6% higher than the USD 3.98 million cost of data breaches in a private cloud environment, which was the lowest cost of the environments analyzed. The cost of data breaches across multiple environments also exceeded the average cost of a data breach of USD 4.45 million by a margin of 6.5%.

Cost of a data breach by storage location of breached data. Figure 35. Measured in USD millions: across multiple types of environments 4.75; public cloud 4.57; on premises 3.99; private cloud 3.98.

Figure 36. The use of public clouds and multiple environments also contributes to longer data breach lifecycles. The longest time to identify and contain a breach involved data stored across multiple environments, taking 291 days. This interval exceeded the shortest time to identify and contain a breach, which was 235 days in a private cloud environment, by 56 days or 21.3%. It's also worth noting that the use of multiple environments is the only model that exceeds the 2023 reported average time to identify and contain a data breach of 277 days, by a margin of 14 days or 4.9%.

Time to identify and contain a data breach by storage location of breached data. Figure 36. Measured in days (MTTI + MTTC = total): On premises 178 + 54 = 232; Private cloud 178 + 56 = 235; Public cloud 207 + 69 = 276; Across multiple types of environments 216 + 76 = 291.

Mega breaches

USD 332M: Average total cost for breaches of 50 million to 60 million records

Mega breaches, characterized by more than one million compromised records, are relatively rare. But they exert a powerful impact due to their outsized scope. This year's study included 20 organizations that endured the loss or theft of between 1 million and 60 million records due to data breaches. The study deployed a distinct methodology to examine those mega breaches. They were considered separately from the study's other 553 breaches, each including no more than 101,200 lost or compromised records. For a full explanation of the research methodology, see the data breach FAQs at the end of this report.

Figure 37. The cost of mega breaches fell in the 2023 report. Across all breach
114、size cohorts,the average cost of a mega breach fell to varying degrees.The highest percentage decrease occurred in the 1 million to 10 million cohort,with a 26.5%decrease from USD 49 million in the 2022 report to USD 36 million in the 2023 report.The smallest percentage decrease occurred in the 30 m
115、illion to 40 million cohort,with a 3.8%decrease from USD 316 million in the 2022 report to USD 304 million in the 2023 report.In the 50 million to 60 million cohort,the 2022 reported cost of USD 387 million decreased by USD 55 million or 14.2%to equal USD 332 million in the 2023 report.47Next sectio
116、nPrevious sectionCost of a mega breach by number of records lostFigure 37.Measured in USD millionsComplete findings02$0$50$100$150$200$250$300$350$40020222023$332$38750M60M$328$37940M50M30M40M$304$316$225$24120M30M$166$18010M20M 1M10M$36$4948Next sectionPrevious sectionSecurity investmentsThis secti
117、on examines the security investment strategies that organizations adopted after experiencing a data breach.Well explore how often organizations increased spending after a breach as well as how they chose to allocate funds.Complete findings0251%Percentage of organizations increasing security investme
118、nts after a breachFigure 38.Respondents were split on increasing security investment after a breach.Even as the global cost of a data breach increased,research participants reported divided perspectives on increasing security investments after an incident.51%of respondents indicated they planned for
119、 additional security spending after the breach.49Next sectionPrevious sectionFollowing the data breach,will your organization increase its security investment?Figure 38.Percentage of all organizationsComplete findings0251%49%Will increase security investmentWont increase security investment50Next se
120、ctionPrevious sectionFigure 39.IR planning and testing and employee training saw significant post-breach investment.Of the 51%that increased spending after a breach,organizations most common investment was in IR planning and testing at 50%,followed closely by employee training at 46%.Threat detectio
121、n and response technologies placed third at 38%,making them the top-ranked technology or tool investment considered in this section.Notably,these three investments map closely to top factors associated with lower data breach costs that are explored in this years key cost factors section.At only 18%o
122、f respondents,insurance protection was the least common investment after a breach.Most common investment types among those increasing security investments following a breachFigure 39.Share among organizations that are increasing investment;more than one response permittedComplete findings020%10%20%3
123、0%40%50%18%Insurance protection25%Data security or protection tools31%Managed security services32%IAM35%Offensive security testing38%Threat detection and response technologies46%Employee training50%IR plan and testing51Next sectionPrevious section108 daysOrganizations with extensive use of security
124、AI and automation identified and contained a data breach 108 days faster than organizations with no use.Security AI and automationWith security AI and automation use cases for the security industry advancing,this report examines the impact of these technologies on data breach costs and timelines.Exa
125、mples include the use of AI,machine learning,automation and orchestration to augment or replace human intervention in detection and investigation of threats as well as the response and containment process.On the opposite end of the spectrum are processes driven by manual inputs,often across dozens o
126、f tools and complex,nonintegrated systems,without data shared between them.Though this is the sixth year of investigating the impact of AI and automation on cybersecurity,this year were introducing new criteria that considered AIs permeation throughout an organizations security processes as opposed
127、to its level of deploymentranging from not deployed to partially or fully deployedin prior years data.“Extensive use”refers to the integration of security AI and automation throughout operations,including several different tool sets and capabilities.“Limited use”refers to applying AI to just one or
128、two use cases within security operations.“No use”refers to security processes that are driven solely by manual inputs.Complete findings02State of security AI and automation comparing three usage levelsFigure 40.Percentage of organizations per usage level28%33%39%0%5%10%15%20%25%30%35%40%45%Extensive
129、 useLimited useNo useFigure 40.A 61%majority of organizations employ some level of security AI and automation.Only 28%of organizations extensively used security AI and automation tools in their cybersecurity processes,while 33%had limited use.That leaves nearly 4 in 10 relying solely on manual input
130、s in their security operations.52Next sectionPrevious sectionFigure 41.Measured in USD millionsCost of a data breach by security AI and automation usage level$3.60$4.04$5.36$0.00$1.00$2.00$3.00$4.00$5.00$6.00Extensive useLimited useNo useFigure 41.Extensive security AI and automation use delivered c
131、ost savings of nearly USD 1.8 million.Organizations with extensive use of security AI and automation demonstrated the highest cost savings comparatively,with an average cost of a data breach at USD 3.60 million,which was USD 1.76 million less and a 39.3%difference compared to no use.Even organizatio
132、ns with limited use of security AI and automation measured an average cost of a data breach of USD 4.04 million,which was USD 1.32 million less or a 28.1%difference compared to no use.However,organizations with no use of security AI and automation experienced an average cost of a data breach of USD
133、5.36 million.This is 18.6%more than the 2023 average cost of a data breach of USD 4.45 million.Complete findings02Figure 42.Extensive security AI and automation reduced the time to identify and contain a breach by more than 100 days.Respondents from organizations that extensively used security AI an
134、d automation were able to identify and contain a breach in 214 days,which was 108 days shorter than those with no use.This means identifying and containing a breach with extensive use of security AI and automation took just 66%of the time it took organizations with no use.Limited use also made a sig
135、nificant impact,with an average time to identify and contain a breach in 234 days,which was 88 days shorter than organizations with no use.Its clear that even a limited effort to integrate security AI and automation into security workflows can offer a significant acceleration in the time to identify
136、 and contain a breach as well as a sizable reduction in costs.53Next sectionPrevious sectionTime to identify and contain a data breach by security AI and automation use levelFigure 42.Measured in daysComplete findings02050030025755325MTTIMTTC16747214Extensive use17262234Limited
137、 use23785322No use54Next sectionPrevious sectionIncident responseIR strategies and tactics have been instrumental in reducing the impact of data breaches.The most effective IR strategy for reducing the duration of a data breach was to combine formation of an IR team with testing of the IR plan.Howev
138、er,some organizations pursued only one of those two strategies.As a standalone effort,IR plan testing was more effective than only forming an IR team in reducing the total time to identify and contain the breach.Complete findings0254 daysOrganizations with both an IR team and IR plan testing identif
139、ied breaches 54 days faster than those with neither.55Next sectionPrevious sectionFigure 43.The combined IR strategy saved 54 days in identifying and containing a breach.The dual strategy of forming an IR team and testing an IR plan demonstrated a shorter time,252 days,to identify and contain a data
140、 breach compared to 306 days of employing neither approach,a difference of 54 days or 19.4%.Testing the IR plan without forming a team was nearly as effective,resulting in a difference of 48 days or 17%.Time to identify and contain a data breach by IR team formation and testingFigure 43.Measured in
141、daysComplete findings020500300MTTIMTTC2028858252Neither IR team nor IR plan testingFormation of an IR teamTesting of the IR planBoth IR team and IR plan testingNext sectionPrevious section28 days Organizations using threat intelligence identified breaches 28 days fas
142、ter.Threat intelligenceNew to the report this year is the impact of threat intelligence services on the mean time to identify a breach.Threat intelligence services provide security leaders with information and insights about cyberthreats and vulnerabilities to help them improve their organizations s
143、ecurity posture.Complete findings02Doesnt use threat intelligence216Uses threat intelligence188Time to identify a data breach using threat intelligenceFigure 44.MTTI measured in daysFigure 44.Threat intelligence reduced breach identification time.This years research showed that threat intelligence u
144、sers uncovered breaches in 13.9%less time than those without a threat intelligence investment,a difference of 28 days.Compared to this years global MTTI of 204 days,organizations employing threat intelligence services were able to identify breaches in 8.2%or 16 days less time.Respondents that did no
145、t use threat intelligence took 5.7%or 12 days longer than the global average to identify breaches.Next sectionPrevious sectionComplete findings02USD 3.98MCost of a data breach for organizations that deployed robust risk-based analysisVulnerability and risk managementNew this year,the research examin
146、ed how organizations prioritized risks and vulnerabilities and how this impacted the cost of a data breach.Organizations with more proactive and risk-based vulnerability management,such as vulnerability testing,penetration testing or red teaming,experienced lower than average data breach costs compa
147、red to organizations that relied solely on the industry standard Common Vulnerabilities and Exposures(CVE)glossary and the Common Vulnerability Scoring System(CVSS).Generally,proactive risk management efforts involve the organizations IT security team adopting the perspective of a potential attacker
to determine which vulnerabilities are exploitable and can cause the most harm.

Figures 45 and 46. Organizations that prioritize activities beyond CVE score experienced less costly breaches. More than one-third of organizations, or 36%, relied solely on CVE scoring to prioritize vulnerabilities, while the majority of organizations, or 64%, used more involved risk-based analysis. The 2023 research showed a significant difference in the cost of data breaches between these two groups. Organizations that deployed more intensive, risk-based analysis experienced an average cost of a data breach of USD 3.98 million, a difference of 18.3%, compared to USD 4.78 million for organizations that relied on CVE scores only.

Figure 45. How does your organization manage vulnerability prioritization? Percentage of all organizations: CVE score only 36%; other risk-based analysis 64%.

Figure 46. Cost of a data breach by vulnerability-management prioritization approach, measured in USD millions: CVE score only $4.78; other risk-based analysis (for example, based on real-world attacks) $3.98.
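The contrast between CVE-score-only and risk-based prioritization described above, as an added example that is not code from the report: a constructed inventory is ranked both ways, with an assumed scoring formula (exploit evidence, exposure, compensating controls, asset criticality) standing in for the attacker's-perspective analysis the report describes. The identifiers, scores and attributes are made up.

```python
"""Vulnerability prioritization: CVSS-only ranking vs. risk-based ranking.

Added example (not code from the IBM/Ponemon report). The risk formula is an
assumed illustration of the report's description: weight the CVSS base score
by evidence that the flaw is exploitable in this environment (pentest/red team
finding, real-world exploitation, exposure, compensating controls) and by the
harm a successful exploit would cause (asset criticality).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str                # placeholder label, not a real CVE identifier
    cvss_base: float            # CVSS base score, 0.0 to 10.0
    asset_criticality: int      # 1 (isolated lab host) to 5 (crown-jewel data store)
    internet_exposed: bool      # reachable from the internet
    exploit_observed: bool      # confirmed by pentest/red team or seen in real-world attacks
    compensating_control: bool  # e.g. vulnerable feature disabled, WAF rule in place


def risk_score(v: Vulnerability) -> float:
    """Assumed risk-based score: CVSS scaled by exploitability and impact factors."""
    exploitability = 1.0
    if v.exploit_observed:
        exploitability *= 2.0   # proven exploitable outweighs theoretical severity
    if v.internet_exposed:
        exploitability *= 1.5
    if v.compensating_control:
        exploitability *= 0.5
    impact = v.asset_criticality / 5.0
    return round(v.cvss_base * exploitability * impact, 2)


def prioritize_by_cvss(vulns):
    """CVE/CVSS-only approach: remediate in order of base score."""
    return [v.vuln_id for v in sorted(vulns, key=lambda v: v.cvss_base, reverse=True)]


def prioritize_by_risk(vulns):
    """Risk-based approach: remediate in order of environment-aware risk."""
    return [v.vuln_id for v in sorted(vulns, key=risk_score, reverse=True)]


def ranking_shift(vulns):
    """Positions each vulnerability moves up (positive) or down when switching
    from the CVSS-only order to the risk-based order."""
    by_cvss = prioritize_by_cvss(vulns)
    by_risk = prioritize_by_risk(vulns)
    return {vid: by_cvss.index(vid) - by_risk.index(vid) for vid in by_cvss}


# Constructed sample inventory; identifiers and attributes are made up.
SAMPLE_VULNS = [
    Vulnerability("VULN-A", 9.8, 1, False, False, False),  # critical score, isolated lab host
    Vulnerability("VULN-B", 7.5, 5, True, True, False),    # exposed crown jewel, exploited in the wild
    Vulnerability("VULN-C", 8.8, 4, True, False, True),    # high score, but a control blocks the vector
    Vulnerability("VULN-D", 5.3, 5, True, True, False),    # medium score, exploited, critical asset
]

if __name__ == "__main__":
    print("CVSS-only order :", prioritize_by_cvss(SAMPLE_VULNS))
    print("Risk-based order:", prioritize_by_risk(SAMPLE_VULNS))
    for v in SAMPLE_VULNS:
        print(f"{v.vuln_id}: cvss={v.cvss_base} risk={risk_score(v)}")
```

With this inventory the CVSS-only queue starts with the isolated lab host, while the risk-based queue starts with the exposed, actively exploited crown-jewel asset whose base score is only 7.5.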
Attack surface management

ASM is a set of processes that aids in the discovery, analysis, remediation and monitoring of an organization's potential attack surfaces or vulnerabilities. Organizations that deployed an ASM solution were able to identify and contain data breaches in 75% of the time of those without an ASM solution.

Figure 47. ASM helped accelerate total time to identify and contain a data breach by nearly 12 weeks. Without an ASM solution, organizations took 260 days to identify a data breach and another 77 days to contain it, for a total of 337 days or about 11 months. Organizations with an ASM solution identified the breach in 193 days and contained it in 61 days. The 254-day total time to identify and contain a breach represented an acceleration of 83 days or about 12 weeks, so the data breaches were identified and contained in 75% of the time taken by data breaches at organizations without ASM solutions.

Figure 47. Time to identify and contain a data breach by use of an ASM solution, measured in days (MTTI, MTTC, total): has ASM solution 193, 61, 254; doesn't have ASM solution 260, 77, 337.

Managed security service providers

For the first time, our research explored the impact that partnering with an MSSP had on the time to identify and contain a breach. MSSPs offer organizations the ability to outsource security monitoring and management, often using high-availability security operations centers to provide around-the-clock services. MSSPs can help organizations enhance their security posture without increasing head count or investing in training for internal resources.

Figure 48. Organizations with MSSPs experienced a 21% shorter breach lifecycle. In the 2023 report, organizations that had an MSSP were able to identify and contain breaches in 80% of the time of those without. Organizations that worked with an MSSP identified breaches 16 days faster, or an 8.2% shorter identification time than the 2023 reported global average of 204 days. Those that didn't took 28 days longer, or 12.8% longer. Containment times with no MSSP were five days longer, or 6.6% longer, than the 2023 reported global average of 73 days. Containment times with MSSP assistance were 10 days faster, or 14.7% faster.

Figure 48. Time to identify and contain a data breach when using an MSSP, measured in days (MTTI, MTTC, total): using MSSP 188, 63, 251; no MSSP 232, 78, 310.

03 Recommendations to help reduce the cost of a data breach

In this section, IBM Security outlines steps organizations can take to help reduce the financial and reputational impacts of a data breach. Our recommendations include successful security approaches that are associated with reduced costs and lower times to identify and contain breaches.

1. Build security into every stage of software development and deployment, and test regularly
2. Modernize data protection across hybrid cloud
3. Use security AI and automation to increase speed and accuracy
4. Strengthen resiliency by knowing your attack surface and practicing IR

1. Build security into every stage of software development and deployment, and test regularly

Regulatory requirements continue to become more intricate, especially as technology becomes more intertwined with everyday activities and software becomes more feature rich and complex. A DevSecOps approach, the top cost mitigator in a special analysis of 27 factors in the 2023 report, will be essential to building security into any tools or platforms an organization depends on to engage its workforce or its customers. Organizations of all types should look to ensure that security is at the forefront of the software they're developing as well as commercial off-the-shelf software that they're deploying. Application developers must continue to accelerate the adoption of the principles of secure by design and secure by default to ensure that security is a core requirement that's considered during the initial design phase of digital transformation projects and not simply addressed after the fact. The same principles are being applied to cloud environments to support cloud-native app development that makes a serious effort to protect user privacy and minimize attack surfaces.

Application testing or penetration testing from the perspective of an attacker can also give organizations the opportunity to identify and patch vulnerabilities before they turn into breaches. No technology or application will ever be fully secure, and adding more features introduces new risks. Ongoing application testing can help organizations identify new vulnerabilities.

2. Modernize data protection across hybrid cloud

Data is being created, shared and accessed at unprecedented scale across multicloud environments. Fast-paced adoption of new cloud applications and services is compounding the risk of "shadow data" (sensitive data not being tracked or managed), increasing security and compliance risks. The majority (82%) of data breaches in this report involved data stored in cloud environments, and 39% of breaches included data that spanned multiple types of environments. The cost and risk of these data breaches are compounded by an ever-evolving matrix of regulations and stiff penalties for noncompliance. In the wake of these challenges, gaining visibility and control of data spread across hybrid cloud should be a top priority for organizations of all types and should include a focus on strong encryption, data security and data access policies. Companies should seek data security and compliance technologies that work on all platforms, allowing them to protect data as it moves across databases, applications and services deployed across hybrid cloud environments. Data activity monitoring solutions can help ensure proper controls are in place while actively enforcing these policies, such as early detection of suspicious activity and blocking real-time threats to critical data stores. Additionally, newer technologies such as data security posture management can help find unknown and sensitive data across the cloud, including structured and unstructured assets within cloud service providers, software as a service (SaaS) properties and data lakes. This can help identify and mitigate vulnerabilities in underlying data store configurations, entitlements and data flows.

As organizations continue to move further into hybrid multicloud operations, it's essential to deploy strong identity and access management (IAM) strategies that include technologies such as multifactor authentication (MFA), with particular focus on managing privileged user accounts that have an elevated access level.

3. Use security AI and automation to increase speed and accuracy

In the 2023 report, only 28% of organizations used security AI and automation extensively in their operations, which means many organizations have a significant opportunity to improve their speed, accuracy and efficiency. Extensive use of security AI and automation delivered nearly USD 1.8 million in data breach cost savings and accelerated the time to identify and contain a breach by more than 100 days compared to organizations with no use. Security teams can benefit from having security AI and automation embedded throughout their tool sets. For example, using security AI and automation across threat detection and response tools can help analysts detect new threats more accurately and contextualize and triage security alerts more effectively. These technologies can also automate portions of the threat investigation process or recommend actions to speed response. Additionally, AI-driven data security and identity solutions can help drive a proactive security posture by identifying high-risk transactions, protecting them with minimal user friction and stitching together suspicious behaviors more effectively.

When applying AI within your security operations, look for technologies that offer trusted and mature use cases with demonstrated accuracy, effectiveness and transparency to eliminate potential bias, blind spots or drift. Organizations should plan an operational model for AI adoption that supports continuous learning as threats and technology capabilities evolve. Organizations can also benefit from an approach that tightly integrates core security technologies for smoother workflows and the ability to share insights across common data pools. Chief information security officers (CISOs) and security operations (SecOps) leaders can also use threat intelligence reports to help with pattern recognition and threat visibility for emerging threats.

4. Strengthen resiliency by knowing your attack surface and practicing IR

Understand your exposure to the attacks most relevant to your industry and organization, and prioritize your security strategy accordingly. Tools such as ASM or techniques such as adversary simulation can help organizations gain an attacker-informed perspective into their unique risk profile and vulnerabilities, including which vulnerabilities are readily exploitable. Additionally, having a team in place
that's already versed in the right protocols and tools to respond to an incident has been shown to significantly reduce costs and the time to identify and contain the breach. Not only was IR planning and testing a top 3 cost mitigator in the 2023 report, but the data also showed that organizations with high levels of these countermeasures in place incurred USD 1.49 million lower data breach costs compared to organizations with low levels or none, and they resolved incidents 54 days faster. Form a dedicated IR team, draft IR playbooks and regularly test IR plans in tabletop exercises or simulated environments such as a cyber range. Having an IR vendor on retainer can also help speed the time to respond to a breach.

Lastly, organizations should look to implement network segmentation practices to limit the spread of attacks and the extent of damage they can cause, strengthening overall resiliency and reducing recovery efforts.

Recommendations for security practices are for educational purposes and don't guarantee results.

04 Organization demographics

This year's study examined 553 organizations of various sizes across 16 countries and geographic regions and 17 industries. This section explores the breakdown of organizations in the study by geography and industry and defines the industry classifications.

18 years: The United States has been a part of the Cost of a Data Breach Report for 18 years, the longest of all countries or regions involved.

Geographic demographics

The 2023 study was conducted across 16 different countries and regions.

Figure 49. Global study at a glance. Table of all countries studied.

Countries | 2023 sample | Percentage | Currency | 2023 USD conversion rate | Years studied
ASEAN | 23 | 4% | SGD | 1.3294 | 7
Australia | 24 | 4% | AUD | 1.4916 | 14
Brazil | 43 | 8% | BRL | 5.0702 | 11
Canada | 26 | 5% | CAD | 1.3525 | 9
France | 34 | 6% | EUR | 0.9198 | 14
Germany | 45 | 8% | EUR | 0.9198 | 15
India | 51 | 9% | INR | 82.19 | 12
Italy | 24 | 4% | EUR | 0.9198 | 12
Japan | 42 | 8% | JPY | 132.75 | 12
Latin America | 23 | 4% | MXN | 18.025 | 4
Middle East | 36 | 7% | SAR | 3.7037 | 10
Scandinavia | 22 | 4% | NOK | 10.4445 | 5
South Africa | 21 | 4% | ZAR | 17.73 | 8
South Korea | 23 | 4% | KRW | 1303.8 | 6
United Kingdom | 49 | 9% | GBP | 0.8085 | 16
United States | 67 | 12% | USD | 1.00 | 18
Total | 553 | 100% | | |

Industry demographics

The selection of 17 industries has been included in the study for multiple years.

Figure 50. Distribution of the sample by industry, percentage of industries: Financial 14%; Professional services 12%; Technology 11%; Industrial 10%; Energy 8%; Public sector 7%; Consumer 7%; Retail 6%; Transportation 5%; Communications 5%; Hospitality 4%; Pharmaceuticals 4%; Entertainment 2%; Education 2%; Media 2%; Research 1%; Healthcare 1%.

Five industries together accounted for 55% of organizations sampled in this year's study: Financial 14%, Services 12%, Technology 11%, Industrial 10% and Energy 8%.

Industry definitions

Healthcare: Hospitals and clinics
Financial: Banking, insurance and investment companies
Energy: Oil and gas companies, utilities and alternative energy producers and suppliers
Pharmaceuticals: Pharmaceuticals including biomedical life sciences
Industrial: Chemical processing and engineering and manufacturing companies
Technology: Software and hardware companies
Education: Public and private universities and colleges and training and development companies
Services: Professional services such as legal, accounting and consulting firms
Entertainment: Movie production, sports, gaming and casinos
Transportation: Airlines, railroads and trucking and delivery companies
Communications: Newspapers, book publishers and public relations and advertising agencies
Consumer: Manufacturers and distributors of consumer products
Media: Television, satellite, social media and internet
Hospitality: Hotels, restaurant chains and cruise lines
Retail: Brick and mortar and e-commerce
Research: Market research, think tanks and research and development (R&D)
Public: Federal, state and local government agencies and nongovernmental organizations (NGOs)

05 Research methodology

To preserve confidentiality, the benchmark instrument didn't capture any company-specific information. Data collection methods excluded actual accounting information and instead relied on participants estimating direct costs by marking a range variable on a number line. Participants were instructed to mark the number line in one spot between the lower and upper limits of a range for each cost category. The numerical value obtained from the number line, rather than a point estimate for each presented cost category, preserved confidentiality and ensured a higher response rate. The benchmark instrument also required respondents to provide a second separate estimate for indirect and opportunity costs. In the interest of maintaining a manageable data set for benchmarking, we included only those cost activity centers with a crucial impact on data breach costs. Based on discussions with experts, we chose a fixed set of cost activities. After collecting benchmark information, we carefully reexamined each instrument for consistency and completeness. We limited the scope of data breach cost factors to known categories that apply to a broad set of business operations involving personal information. We chose to focus on business processes instead of data protection or privacy compliance activities because we believed the process study would yield better-quality results.

How we calculate the cost of a data breach

To calculate the average cost of a data breach, this research excluded very small and very large breaches. Data breaches examined in the 2023 report ranged in size between 2,160 and 101,200 compromised records. We used a separate analysis to examine the costs of mega breaches; that methodology is explained further in the "Data breach FAQs" section of this report. This research used activity-based costing, which identifies activities and assigns a cost according to actual use. Four process-related activities drive a range of expenditures associated with an organization's data breach: detection and escalation, notification, post-breach response and lost business.

Detection and escalation: Activities that enable a company to detect the breach, including:
- Forensic and investigative activities
- Assessment and audit services
- Crisis management
- Communications to executives and boards

Notification: Activities that enable the company to notify data subjects, data protection regulators and other third parties, including:
- Emails, letters, outbound calls or general notices to data subjects
- Determination of regulatory requirements
- Communication with regulators
- Engagement of outside experts

Post-breach response: Activities to help victims of a breach communicate with the company and conduct redress activities to victims and regulators, including:
- Help desk and inbound communications
- Credit monitoring and identity protection services
- Issuing of new accounts or credit cards
- Legal expenditures
- Product discounts
- Regulatory fines

Lost business: Activities that attempt to minimize the loss of customers, business disruption and revenue losses, including:
- Business disruption and revenue losses due to system downtime
- Cost of losing customers and acquiring new customers
- Reputational damage and diminished goodwill

Data breach FAQs

What's a data breach? A breach is defined as an event in which records containing personally identifiable information (PII); financial or medical account details; or other secret, confidential or proprietary data are potentially put at risk. These records can be in electronic or paper format. Breaches included in the study ranged from 2,200 to 102,000 compromised records.

What's a compromised record? A record is information that reveals confidential or proprietary corporate, governmental or financial data, or identifies an individual whose information has been lost or stolen in a data breach. Examples include a database with an individual's name, credit card information and other PII, or a health record with the policyholder's name and payment information.

How do you collect the data? Our researchers collected in-depth qualitative data through over 3,475 separate interviews with individuals at 553 organizations that suffered a data breach between March 2022 and March 2023. Interviewees included IT, compliance and information security practitioners familiar with their organization's data breach and the costs associated with resolving the breach. For privacy purposes, we didn't collect organization-specific information.

How do you calculate the average cost of a data breach? We collected both the direct and indirect expenses incurred by the organization. Direct expenses included engaging forensic experts, outsourcing hotline support and providing free credit-monitoring subscriptions and discounts for future products and services. Indirect costs included in-house investigations and communications along with the extrapolated value of customer loss resulting from turnover or diminished customer acquisition rates. This research represented only events directly relevant to the data breach experience. Regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) may encourage organizations to increase investments in their cybersecurity governance technologies. However, such activities didn't directly affect the cost of a data breach for this research. For consistency with prior years, we used the same currency translation method rather than adjusting accounting costs.

How does benchmark research differ from survey research? The unit of analysis in the Cost of a Data Breach Report was the organization. In survey research, the unit of analysis is the individual. We recruited 553 organizations to participate in this study.

Can the average per-record cost be used to calculate the cost of breaches involving millions of lost or stolen records? It's not consistent with this research to use the overall cost per record as a basis for calculating the cost of single or multiple breaches totaling millions of records. The per-record cost is derived from our study of hundreds of data breach events in which each event featured 101,200 or fewer compromised records. To measure the impact of mega breaches that involve one million or more records, the study instead uses a simulation framework based on a sample of 20 events of that size.

Why did you use simulation methods to estimate the cost of a mega data breach? The sample size of 20 companies that experienced a mega breach was not large enough to support a statistically significant analysis using the study's activity-based cost methods. To remedy this issue, we deployed Monte Carlo simulations to estimate a range of possible, meaning random, outcomes through repeated trials. In total, we performed more than 250,000 trials. The grand mean of all sample means provided a most likely outcome at each size of data breach, ranging from 1 million to 60 million compromised records.

Are you tracking the same organizations each year? Each annual study involves a different sample of companies. To be consistent with p
220、revious reports,we recruit and match companies each year with similar characteristics,such as the companys industry,head count,geographic footprint and size of data breach.Since starting this research in 2005,we have studied the data breach experiences of 5,580 organizations.05Research methodology75
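One way to carry out the "grand mean of all sample means" estimate described in the two FAQ answers on mega breaches above, as an added example that is not the report's own model or code. It assumes bootstrap resampling of the 20 events and a power-law cost curve, and the 20 (records, cost) pairs are constructed values, not figures from the report; the last function shows the straight per-record extrapolation that footnote 1 warns against, for comparison.

```python
import math
import random

# Constructed sample of 20 mega-breach events as (records compromised, total cost in
# USD millions). Illustrative values only; they are not figures from the report.
SAMPLE_EVENTS = [
    (1_000_000, 40.0), (1_500_000, 48.0), (2_000_000, 57.0), (3_000_000, 70.0),
    (4_000_000, 79.0), (5_000_000, 90.0), (7_000_000, 104.0), (8_000_000, 114.0),
    (10_000_000, 127.0), (12_000_000, 137.0), (15_000_000, 156.0), (20_000_000, 178.0),
    (25_000_000, 202.0), (30_000_000, 218.0), (35_000_000, 237.0), (40_000_000, 251.0),
    (45_000_000, 270.0), (50_000_000, 282.0), (55_000_000, 298.0), (60_000_000, 310.0),
]

def fit_power_law(log_events):
    """Least-squares fit of log(cost) = log_a + b * log(records); returns (log_a, b).
    The power-law cost curve is an assumption of this example, not the report's model."""
    n = len(log_events)
    mx = sum(x for x, _ in log_events) / n
    my = sum(y for _, y in log_events) / n
    sxx = sum((x - mx) ** 2 for x, _ in log_events)
    sxy = sum((x - mx) * (y - my) for x, y in log_events)
    b = sxy / sxx
    return my - b * mx, b

def simulate_mega_breach_cost(records, trials=20_000, sample=SAMPLE_EVENTS, seed=2023):
    """Grand mean of per-trial cost estimates (USD millions) for a breach of `records`.
    Each trial resamples the 20 events with replacement (a bootstrap, assumed here),
    refits the curve and predicts the cost; the report ran more than 250,000 trials."""
    rng = random.Random(seed)
    log_events = [(math.log(r), math.log(c)) for r, c in sample]
    n = len(log_events)
    total, used = 0.0, 0
    for _ in range(trials):
        resample = [log_events[rng.randrange(n)] for _ in range(n)]
        if len({x for x, _ in resample}) < 2:
            continue  # a single event repeated 20 times gives no slope to fit
        log_a, b = fit_power_law(resample)
        total += math.exp(log_a + b * math.log(records))
        used += 1
    return total / used

def per_record_extrapolation(records, per_record_cost_usd):
    """The straight-line extrapolation footnote 1 warns against, in USD millions."""
    return records * per_record_cost_usd / 1e6

if __name__ == "__main__":
    for size in (1_000_000, 10_000_000, 60_000_000):
        print(f"{size:>11,} records: simulated ~{simulate_mega_breach_cost(size):.0f}M, "
              f"linear at a constructed $150/record ~{per_record_extrapolation(size, 150.0):.0f}M")
```

With the constructed sample the simulated curve grows roughly with the square root of the record count, so the gap to the linear extrapolation widens as the breach gets larger.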
Research limitations
Our study used a confidential and proprietary benchmark method that has been successfully deployed in earlier research. However, the inherent limitations with this benchmark research need to be carefully considered before drawing conclusions from findings.

Nonstatistical results
Our study drew upon a representative, nonstatistical sample of global entities. Statistical inferences, margins of error and confidence intervals can't be applied to this data, given that our sampling methods weren't scientific.

Nonresponse
Nonresponse bias wasn't tested, so it's possible that companies that didn't participate are substantially different in terms of underlying data breach cost.

Sampling-frame bias
Because our sampling frame was judgmental, the quality of results was influenced by the degree to which the frame was representative of the population of companies being studied. We believe that the current sampling frame was biased toward companies with more mature privacy or information security programs.

Company-specific information
The benchmark didn't capture company-identifying information. Individuals could use categorical response variables to disclose demographic information about the company and industry category.

Unmeasured factors
We omitted variables from our analyses such as leading trends and organizational characteristics. The extent to which omitted variables might explain benchmark results can't be determined.

Extrapolated cost results
Although certain checks and balances can be incorporated into the benchmark process, it's always possible that respondents didn't provide accurate or truthful responses. In addition, the use of cost extrapolation methods rather than actual cost data may inadvertently introduce bias and inaccuracies.

Currency conversions
The conversion from local currencies to the US dollar deflated average total cost estimates in other countries. For purposes of consistency with prior years, we decided to continue to use the same accounting method rather than adjust the cost. It's important to note that this issue may affect only the global analysis because all country-level results are shown in local currencies. The current real exchange rates used in this research report were published by the Federal Reserve on 31 March 2023.

06 About Ponemon Institute and IBM Security

Ponemon Institute
Founded in 2002, Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high-quality empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. Ponemon Institute upholds strict data confidentiality, privacy and ethical research standards and doesn't collect any PII from individuals or company-identifiable information in business research. Furthermore, strict quality standards ensure that subjects aren't asked extraneous, irrelevant or improper questions.

IBM Security
IBM Security helps secure the world's largest enterprises and governments with an integrated portfolio of security products and services infused with dynamic security AI and automation capabilities. The portfolio, supported by world-renowned IBM Security X-Force research, enables organizations to predict threats, protect data as it moves, and respond with speed and precision without holding back business innovation. IBM is trusted by thousands of organizations as their partner to assess, strategize, implement and manage security transformations. IBM operates one of the world's broadest security research, development and delivery organizations; monitors more than 150 billion security events each day in more than 130 countries; and has been granted more than 10,000 security patents worldwide.

If you have questions or comments about this research report, including requests for permission to cite or reproduce the report, please contact by letter, phone call or email:
Ponemon Institute LLC
Attn: Research Department
2308 US 31 North
Traverse City, Michigan 49686 USA
1.800.887.3118
research@ponemon.org

Visit the conversation in the IBM Security Community. Learn more about advancing your security posture.

Take the next steps
- AI cybersecurity solutions: Speed up security response times and boost productivity.
- Threat detection and response solutions: Empower security teams to outsmart threats with speed, accuracy and efficiency.
- Cloud security solutions: Integrate security into your journey to hybrid multicloud.
- Ransomware solutions: Manage cybersecurity risks and vulnerabilities to minimize ransomware's impact.
- Identity and access management solutions: Connect every user, API and device to every app securely.
- Incident response and threat detection services: Proactively manage and respond to security threats.
- Data security and protection solutions: Protect data and simplify compliance across hybrid clouds.
- Attack surface management: Manage the expansion of your digital footprint and improve your organization's cyber resilience quickly.
- Unified endpoint management solutions: Scale your mobile workforce by securing and managing any device.
- Governance, risk and compliance services: Increase cybersecurity maturity with an integrated governance, risk and compliance approach.
- Schedule a one-on-one consultation: Meet with an IBM Security X-Force expert to discuss your needs.
- Request an IBM security and framing discovery workshop: Get assistance in modernizing your security program.

Copyright IBM Corporation 2023
IBM Corporation, New Orchard Road, Armonk, NY 10504
Produced in the United States of America, July 2023

IBM, the IBM logo, IBM Security, and X-Force are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. All client examples cited or described are presented as illustrations of the manner in which some clients have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions. Generally expected results cannot be provided as each client's results will depend entirely on the client's systems and services ordered.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

1. It's not consistent with this research to use the per-record cost to calculate the cost of single or multiple breaches above 102,000 records. For more information, see the "Research methodology" section.
2. ASEAN is a cluster sample of companies located in Singapore, Indonesia, the Philippines, Malaysia, Thailand and Vietnam.
3. Destructive attacks are defined as attacks that render systems inoperable and challenge reconstitution. They may or may not also involve a ransom.
4. Latin America is a cluster sample of companies located in Mexico, Argentina, Chile and Colombia.
5. Middle East is a cluster sample of companies located in Saudi Arabia and the United Arab Emirates.
6. Scandinavia is a cluster sample of companies located in Denmark, Sweden, Norway and Finland.
7. Foreign Exchange Rates - H.10, 31 March 2023.