This blog was prepared with assistance from Summer Law Student Ethan Fiedelleck.
The report provides information for IT and business leaders to use to enhance security measures in an effort to reduce the impact of a potential data breach. Highly comprehensive, the report contains data from 604 organizations, across 17 industries and in 16 different countries that were impacted by a data breach. A copy of the 2024 full report can be found here
.
The key findings from the report include the following (all monetary amounts are in USD):
- The average global cost of a data breach in 2024 was $4.88 million; a 10% increase from 2023 ($4.45 million).
- Canada averaged $4.66 million per breach compared to $5.13 million in 2023.
- Reporting a data breach to local law enforcement authorities was found to reduce data breach costs by an average of nearly $1 million.
- Cybersecurity divisions were found to be understaffed in over half of the organizations that reported a data breach. Organizations understaffed in this area reported an average of $1.76 million more in breach costs.
- Personal identification information was taken in 46% of data breach attacks reported.
- Companies hit by a data breach took an average of 258 days to identify and contain the breach. This is down from 277 days in 2023, reaching a seven-year low.
- Health care and financial services continue to have the highest costs associated with a data breach among the industries studied.
- The industrial sector saw the highest jump in data breach costs from 2023 among all industries studied at $830,000.
- Phishing and stolen or compromised credentials were the two most common types of attack vectors.
- Alarmingly, when companies were hit by a data breach 70% of organizations studied reported experiencing significant or very significant business disruption.
To reduce the impacts of a data breach, organizations can do the following:
- Invest in AI and automation: AI and automation supporting security prevention saved organizations an average of $2.22 million compared to organizations that did not use AI preventative technologies. Organizations that extensively use AI and automation lower the number of days required to contain a data breach by nearly 100 days.
- Undertake crisis simulations: Crisis simulation exercises allow companies to practice their identification and response to potential cyberthreats and prepare organizations for a real breach if it happens.
- Invest in key areas: Employee training, AI, security information and event management, incident response planning, and encryption were the top five factors that reduced the average cost of a data breach in 2023.
- Identify your data environments: Organizations with multiple environments for data storage should ensure they know exactly what data is stored where and the sensitivity of that data. Doing so, organizations can monitor the data they have and strategically provide enhanced protections where needed.
- Invest in a private Data Cloud environment: 40% of data breaches in the study occurred when data was stored in multiple environments and public Data Clouds increased the average cost of a breach to $5.17 million.
Learn more about privacy, data protection & cybersecurity services
?at MLT Aikins. In addition, you can contact our breach counsel team at [email protected]
or phone (877) 257-0666.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.