Over the past decade, the cost of data breaches has shown remarkable growth, with the average cost surging by nearly 30% to reach $4.45 million per breach today, while U.S. companies experience even higher costs, averaging $9.48 million per breach. The United States has consistently held the title for the highest average data breach cost for 13 consecutive years, with costs soaring to $9.48 million per breach in 2023, reflecting a significant 75.5% increase. Healthcare remains the industry with the highest data breach costs, averaging $10.93 million per breach in 2023.
The study reveals that the threat landscape has evolved significantly over the past decade, highlighting trends such as the increasing importance of mitigating factors in data breach costs.
While encryption was a key factor for several years, in 2020, it fell in importance, and artificial intelligence (AI) and the DevSecOps approach gained significance. The latest reports show that security AI and automation have demonstrated measurable benefits, resulting in a 108-day shorter time to identify and contain breaches and $1.76 million lower data breach costs.
The COVID-19 pandemic marked a significant shift to remote work, leading to a $1.07 million increase in breach costs for cases involving remote work. Remote work also extended the time to identify and contain breaches by 58 days for organizations with over half of their employees working remotely. Attack surface management (ASM) emerged as a valuable solution, enabling organizations to identify and contain data breaches 25% faster.
Over the years, malicious attacks have increased, accounting for over 50% of data breach cases, while system glitches and human errors have each accounted for about a quarter of incidents. Phishing and stolen credentials continue to be common attack vectors, and since the pandemic, cloud misconfigurations have risen as one of the most common initial attack vectors.
Despite ongoing geopolitical conflicts, such as the Ukraine war, the impact on data breach costs has not become a major factor, and it is not a significant feature in the Cost of a Data Breach report. The supply chain’s role in security gained increased emphasis, with one-fifth of breaches in the study resulting from supply chain compromises, costing an average of $4.46 million. As the next decade approaches, the unpredictable rise of AI and quantum computing introduces uncertainty into the future of cybersecurity.