File this under bad news getting even more bad: The cost of data breaches grew 10% in the year ending February 2024, according to IBM’s annual Cost of a Data Breach Report, released on July 30.
The Ponemon Institute, which IBM pays to conduct the study, pinned the larger breach costs, which hit nearly $4.9 million, on the growing costs of business disruption, “including operational downtime and lost customers,” fines from regulators, and paying for customer support in the aftermath of the breach. Those costs make up more than half the average cost of a breach.
Speaking of customer support, those customers would probably be less than pleased to learn that many of them are paying for that assistance, and everything else the company is doing to recover from the breach. “When asked how they’re dealing with these costs,” the report said, “more than half of organizations said they are passing them on to customers,” an idea it diplomatically referred to as a “problematic” business strategy.
The report does have a lot of terrifying facts, but no need to go down a doomsday rabbit hole. Instead, let’s consider a question posed by one of the report’s key findings.
Where’s your data? No, really. It’s a struggle for most organizations, which have a mix of data hosted onsite and in both public and private clouds. Data left in unmanaged reaches of a company’s digital realms becomes so-called shadow data, a problem that surfaced in more than one in three breaches. Not knowing where data is makes it more difficult to find after a breach, which seems to explain why breaches where shadow data was stolen “correlated to a 16% greater cost,” the report found.
Keeping a data inventory that’s up to date makes it easier to keep tabs on sensitive data and easier to quickly figure out what happened and respond after a breach.
USA, USA (?): The report did have a little bit of good news for North American companies, if it’s not too weird to say that about a problem that costs millions of dollars, to say nothing of the reputational harm a firm can suffer. Breached organizations in the US and Canada—which made up about one in six of the roughly 600 studied—suffered slightly smaller costs than in the year before. The average American breach fell to $9.36 million in the year ending this February, from $9.48 million in the previous report. In Canada, the average breach fell from $5.13 million to $4.66 million.