Average cost of an Australian data breach hits AUD $4.26 million

IBM has released its annual Cost of a Data Breach Report, revealing that the average cost of a data breach in Australia has reached a record high of AUD $4.26 million in 2024, reflecting a 27% increase since 2020.

Among the most common initial attack vectors were phishing and stolen or compromised credentials. The report also highlighted the increasing importance of AI and automation in reducing the impact of cyber breaches for Australian businesses.

The technology sector experienced the costliest cyber breaches in Australia, with average breaches costing AUD $5.81 million. This was followed by the financial services industry, where breaches cost an average of AUD $5.61 million. The costliest breaches were attributed to malicious insiders, costing organisations an average of AUD $4.91 million per incident and accounting for 8% of the incidents studied.

The report noted that Australian companies needed an average of 266 days to identify and contain cyber incidents, which is 8 days longer than the global average of 258 days. Additionally, 32% of breaches involved data stored across multiple environments including public cloud, private cloud, and on-premises infrastructure. These types of breaches cost an average of AUD $4.88 million and took the longest time to identify and contain, at 301 days.

Detection and escalation costs remained the most expensive part of a breach, averaging AUD $1.65 million, followed by post-breach response costs and losses due to business interruption.

IBM Australia Managing Director Nick Flood addressed the evolving threat landscape, underlining the necessity for strengthening Australia's collaborative approach to cybersecurity. “IBM conducts R&D in cybersecurity right here in Australia at our Gold Coast Development Lab and is proud to be delivering global innovative cyber security solutions to Australian clients to enhance their security measures and response strategies,” Flood said.

IBM Security APAC Chief Technology Officer Christopher Hockings emphasized the crucial role of AI in modern cybersecurity. “Breached organisations across Australia are seeing significant cost and time savings via their use of security AI and automation across their security operations,” stated Hockings. He further added, “Australian businesses are increasingly understanding that the ability to detect and respond to cyber threats swiftly can make all the difference. With attacks growing more sophisticated, it's imperative for organisations to adapt and prioritise speed in their cybersecurity efforts to avoid costly breaches.”

The 2024 report is based on an in-depth analysis of real-world data breaches experienced by 604 organisations globally between March 2023 and February 2024. Conducted by the Ponemon Institute and sponsored and analysed by IBM, this research has been published for 19 consecutive years and is considered a benchmark in the industry.

Globally, the report also noted that organisations facing severe staffing shortages observed a significant increase in breach costs, averaging an additional USD $1.76 million compared to those without such issues. Furthermore, the engagement of law enforcement in ransomware incidents helped save victims almost USD $1 million on average in breach costs, with most (63%) avoiding the need to pay a ransom.

For the third consecutive year, a majority of organisations indicated they would pass the costs of data breaches on to consumers, with 63% planning to increase the cost of goods or services as a result of breaches, up from 57% the previous year.