MIDWEST CYBER
SECURITY ALLIANCE

According to the 2023 IBM Security / Ponemon Institute Cost of a Data Breach Report involving 533 organizations across 16 countries & geographic regions, and 17 industries: 

• The average cost of a data breach in the US is $9.48M 

• The healthcare sector's breaches cost an average of $10.93M

• 82% of breaches involved data stored in the cloud

• Phishing was the initial attack vector in 16% of breaches; stolen or compromised credentials was the second most frequent initial attack vector at 15% of breaches

• 24% of cyber attacks involved ransomware

• The average time to identify and contain a data breach is 277 days, but 328 days if the attack vector is from stolen or compromised credentials

• Those with substantial AI & automation investments saw shorter times to identify and contain breaches, and realized an average of $1.7M lower cost

• Excluding law enforcement in a ransomware attack led to $470,000 in additional costs

• Only 1/3 of data breaches were identified by the organization’s security teams and tools – usually it was another entity or the attacker that disclosed the breach

• 51% of organizations increased security investments after a breach (Incident Response Plan development and testing were the most important investments)

 

To reduce the risk of cyber incidents, successful Information Security Programs involve a multidisciplinary team that includes Executive Leadership (CEO, CFO, COO, etc.), Risk Management, General Counsels, Security Officers, Privacy Officers, Compliance Officers, Human Resources, CIOs, and relationships with external agencies. Organizations should implement strong, risk-based security and privacy controls that evolve to reflect the changing threat landscape.