CYE Insights

6 Key Takeaways from the IBM Cost of a Data Breach Report

July 26, 2023

6 Key Takeaways from the IBM Cost of a Data Breach Report

Data breaches are increasing, and they are costing organizations more to prevent and contain. Yet IBM Security’s new Cost of a Data Breach Report 2023 offers some valuable insights that illustrate the many cyber risks organizations face as a result of an ever-expanding attack surface, and how security leaders might be able to address them.

Here are some of our key takeaways:

1. The global average cost of a data breach is continuing to rise.

As the threat landscape expands and cyberattacks become more sophisticated, data breaches continue to pose significant financial risk to organizations. The average cost of a data breach reached a staggering $4.45 million in 2023—a 2.3% increase over last year and the highest figure ever. Moreover, the costliest data breach expense was detection and escalation costs, which grew 42%. Clearly, this highlights the importance of measuring and strengthening cybersecurity maturity to rapidly identify and respond to threats.

2. Only half of organizations are planning to increase their security investments because of a breach.

As the cost of data breaches rises, one might think that the cost of preventing them rises as well. However, according to the IBM report, just 51% of organizations are planning to increase their security investments in areas including incident response planning and testing, employee training, and threat detection and response technologies.

3. …But they might save money in the long run by doing so.

Done correctly, investing in strategic mitigation to reduce cyber risk and increase organizational cybersecurity maturity can pay off in the long run. In particular, the IBM report noted that “organizations with high levels of IR planning and testing save $1.49 million, compared to those with low levels.”

Undoubtedly, using effective and proven strategies such as cyber risk quantification can also provide necessary clarity as to where organizations should focus their mitigation efforts and investments. The key is to understand and address the true threats that can negatively impact the business.

4. Healthcare has the highest data breach costs of all industries.

The healthcare industry’s data breach costs rose to $10.93 million in 2023—the highest cost of any industry for the 13th year in a row. The healthcare industry has always been a significant target for criminals because its data can be quite valuable, while its security is often inadequate. This unfortunate reality was seen in our Cybersecurity Maturity Report 2023, where healthcare was ranked lowest for network level security.

5. Critical infrastructure breaches have also jumped in cost.

Organizations considered to be critical infrastructure—including utilities, healthcare, transportation, and education—incurred data breach costs of $5.04 million in 2023, rising 4.6% over 2022. These figures correspond with the uptick in cyberattacks and ransomware in critical infrastructure, as well as the considerable challenges of securing OT systems.

6. Organizations need to do a better job of protecting their assets while considering costs.

On the whole, the new IBM report should serve as a wake-up call for organizations to implement cyber risk strategies like CYE does that rapidly identify threats, quantify cyber risk, and prioritize mitigation. Yet, as the report also illustrates, a truly effective and holistic approach to cybersecurity must also consider cost and overall return on investment.

Want to learn more about how Hyver can help you improve your cybersecurity maturity and prevent data breaches in the most cost-effective way? Schedule a demo.


Inbar Ries

By Inbar Ries

Inbar Ries is CYE’s Chief Product Officer at CYE. She oversees CYE's overall product strategy and direction and addresses market and customer needs.