In our January 2023 blog post, “Study Finds Average Cost of Data Breach Will Reach Record High in 2022,” we highlighted key findings from Ponemon Institute’s 2022 Cost of Data Breach Report. Each year, this report analyzes and reports on a huge set of data. We investigate data breaches at hundreds of organizations and identify trends and developments in security risks and best practices. Recently, the Ponemon Institute released its 2023 Data Breach Cost Report, which showed that data breach costs are increasing in many areas of business.
Key findings of the report include:
- In 2023, the average cost of a global data breach reached an all-time high of $4.45 million. This was a 2.25% increase compared to 2022, when the average cost was $4.35 million. However, organizations with more robust risk-based analysis and controls, including vulnerability testing, penetration testing, and red teaming, saw an average breach cost of only $3.98 million.
- The United States led all countries and regions in the world for the 13th year in a row, with an average cost of $9.48 million per data breach in 2023. This is an increase of 0.4% from 2022, when the average cost of a breach was $9.44 million.
- The other countries and regions in the top five for highest average cost of a data breach were the Middle East at $8.07 million, Canada at $5.13 million, Germany at $4.67 million, and Japan at $4.52 million.
- Healthcare continues to be the industry with the highest average cost of a data breach in the U.S., with costs jumping to an average of $10.93 million, an 8.2% increase compared to 2022, when the average cost of a data breach for the industry was $10.10 million. In contrast, the financial industry came in second with an average cost per breach of $5.9 million, and the public sector came in last with an average cost per breach of $2.6 million.
- Phishing and stolen or compromised credentials were the most common initial attack vectors, causing 16% and 15% of breaches, respectively. The average cost of a phishing breach was $4.72 million. Conversely, breaches caused by system errors were the least costly, with an average cost of $3.96 million per breach, and the least frequent, accounting for 5% of all incidents.
- While 33% of data breaches were actually identified by internal teams and tools, 27% of breaches were disclosed by attackers as part of a ransomware attack. The average cost of a ransomware attack was $5.23 million, an increase of 19.5% compared to 2022, when the average cost was $4.54 million.
- In 2023, it took an average of 204 days to identify a data breach, and an additional 73 days to stop such a breach. This is an increase of 3 days from 2022. Data breaches with a lifecycle of less than 200 days cost an average of $3.93 million. Meanwhile, data breaches with a lifecycle of more than 200 days cost an average of $4.95 million, a difference of 23%.
As concerns about the costs associated with data breaches continue to be the focus of many service contract negotiations, the 2023 Data Breach Cost Report aims to help organizations assess the actual costs associated with data exchanged under such agreements and determine financial risk.