Skip to content

Global average total cost of a data breach growth up to $4.4 mn

Global average data breach in 2024 cost $4.4 million, up from 4.2 million in 2021 and $3.9 million in 2020, according to research by IBM and the Ponemon Institute.

The yearly average data breach cost increased the most between the year’s 2020 and 2021 – a spike likely influenced by the COVID-19 pandemic. The average data breach costs in 2023 is $4.35 million, a 2.6% rise from 2021 amount of $4.24 million.

The average cost of a data breach

  • $9.44 mn is average cost of a data breach in the United States
  • $4.35 mn is global average total cost of a data breach
  • $10.1 mn is average total cost of a breach in the healthcare industry
  • $1.12 mn is average savings of containing a data breach in 200 days or less
    $4.54 mn is average cost of a ransomware attack
  • $5.12 mn ia average cost of a destructive attack
  • $4.24 mn is average data breach cost in organizations with private clouds
  • $5.02 mn is average data breach cost in organizations with public clouds
  • $2.66 mn is average breach cost savings at organizations with an IR team that tested their plan versus those who didn’t

The best way to prevent a data breach is to understand why it’s happening. Now in its 17th year, the 2022 Cost of a Data Breach report shares the latest insights into the expanding threat landscape and offers recommendations for how to save time and limit losses.

Average cost of a data breach divided into four segments

Average cost of a data breach divided into four segments
Source: IBM

Business owners know their data can be a valuable asset. Unfortunately, cyber attackers know this, too.

For 83% of companies, it’s not if a data breach will happen, but when. Usually more than once. When detecting, responding to and recovering from threats, faster is better. Organizations using AI and automation had a 74-day shorter breach lifecycle and saved an average of USD 3 million more than those without.

That’s why having a robust cybersecurity plan is imperative in the digital age.

But no business is 100% safe from cyber threats. Bad actors are becoming more aggressive in exploiting gaps in digital security and stealing valuable information. The rise of remote work has exposed more points of attack.

Many businesses expect to mitigate the financial impact of cyberattacks with adequate insurance. Keep in mind that standard property and liability insurance policies do not cover many types of cyber risk.

For the 12th year in a row, the United States holds the title for the highest cost of a data breach, USD 5.09 million more than the global average.

Stolen or compromised credentials were not only the most common cause of a data breach, but at 327 days, took the longest time to identify. This attack vector ended up costing USD 150,000 more than the average cost of a data breach.

Stolen or compromised credentials are costly

Stolen or compromised credentials are costly
Source: IBM

In 2023, it took an average of 277 days—about 9 months—to identify and contain a breach. Shortening the time it takes to identify and contain a data breach to 200 days or less can save money.

The cost of a breach in the healthcare industry went up 42% since 2020. For the 12th year in a row, healthcare had the highest average data breach cost of any industry.

The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain. Additionally, destructive attacks increased in cost by over USD 430,000.

Organizations that had a fully deployed AI and automation program were able to identify and contain a breach 28 days faster than those that didn’t, saving USD 3.05 million in costs. However, it’s not all or nothing. Organizations with a partially deployed AI and automation program fared significantly better than those without.

While 45% of breaches occurred in the cloud, organizations with a hybrid cloud model had lower average data breach costs—USD 3.80 million—compared to organizations with a public or private cloud model.

Having an incident response (IR) plan is only the first step. Testing that plan regularly can help you proactively identify weaknesses in your cybersecurity and shore up your defenses. Not to mention you can save millions in data breach costs.

Nataly Kramer    by Nataly Kramer