Cost of data breach in Australia has grown 32% in 5 years: IBM
IBM has released its annual Cost of a Data Breach Report, showing that the global average data breach cost reached US$4.45 million in 2023 – an all-time high for the report and a 15% increase over the last three years. Detection and escalation costs jumped 42% over this time frame, representing the highest portion of breach costs and indicating a shift towards more complex breach investigations.
According to the 2023 IBM report, businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The study found that while 95% of studied organisations have experienced more than one breach, breached organisations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%).
The company has also released key data points pertaining to Australia.
The average cost of a data breach in Australia has grown 32% in the last five years, reaching AU$4.03 million per the 2023 Cost of a Data Breach Report.
Detection and escalation costs reached AU$1.68 million-the highest portion of breach costs, indicating a shift towards more complex breach investigations.
The top three industries with the highest average breach costs in Australia include financial services (AU$5.56 million), technology (AU$5.06 million) and education (AU$4.61 million), higher than the average cost across the country (AU$4.03 million).
Across all Australian breaches studied, the two most common attack types were phishing scams (over 22%) and stolen or compromised credentials (over 17%).
AI and automation significantly impacted the speed of breach identification and containment for studied organisations.
Australian organisations that did not utilise security AI and automation to combat cyber threats experienced breaches, costing an average of AU$2.14 million more than those who extensively deployed these technologies.
Organisations with extensive use of both security AI and automation experienced a data breach lifecycle that was 117 days shorter compared to studied organisations that have not deployed these technologies (225 days versus 342 days).
Most often, breached data was stored across multiple environments in Australia (32%), followed by private cloud at 28% and on-premises at 21%.
"In addition to reducing the time to identify and contain a data breach, the extensive use of security AI and automation is also a crucial factor in delivering significant cost savings to breached organisations in Australia. In 2023, the industry is reaching a tipping point in the maturity curve for AI in security operations, where enterprise grade AI capabilities can be trusted and automatically acted upon via orchestrated response. This will unlock tangible benefits for speed and efficiency, which are desperately needed in today's business landscape where early detection and fast response can significantly reduce the impact and losses from breaches," says Chris Hockings, chief technology officer at IBM Security for Asia Pacific.