Businesses spent even more money on
Financial companies spent $6.08 million on average to respond to incidents, compared to $5.9 million last year, according to IBM's
The analysis sheds light on what expenses
Loandepot in a recent disclosure
IBM found expenses for "mega breaches" affecting between 1 million to 10 million records costing on average $42 million, while hacks impacting between 10 million and 20 million records cost firms on average $173 million.
The price tags for data breaches are lofty. The average cost of a cyberattack at a U.S.-based firm was $9.36 million in the past year, while for all affected organizations globally expenses averaged $4.88 million, a 10% annual increase.
Among affected businesses surveyed, 63% said they're passing data breach costs onto consumers, more than the 57% that said they did last year.
"Having customers absorb these costs can be problematic in a competitive market already facing pricing pressures from inflation," the IBM report read.
Mitigating factors
Across all hacks, the price of sensitive data is up; employee and consumer personal identifying information cost $189 and $179 per record this past year, respectively. Overall average expenses rose because of greater lost business costs, such as operational downtime and lost consumers, and costlier post-breach responses such as increased staffing and regulatory fines, IBM said.
Impacted companies using artificial intelligence in security functions spent on average $2.2 million less than their peers
Companies who didn't report "severe security staffing shortages" meanwhile saved on average $1.76 million on breach response. That security skills gap increased by double digits from 2022 to 2023, IBM said.
Businesses which contacted law enforcement regarding hacks also saved $1 million on average compared to organizations which did not. Just over half of companies hit by ransomware attacks told IBM they notified law enforcement, and 63% of those firms ended up not paying cybercriminals.
The report ranks employee training, and AI and machine learning-driven insights as the top factors reducing average data breach costs. A complicated security system was the top factor which increased expenses, the report said, followed by security staffing shortages and third-party incidents.
Lingering expenses
Just 12% or organizations said they've fully recovered from cyberattacks, a process IBM said usually takes longer than 100 days. A full recovery is defined as business operations back to normal in affected areas; a firm meeting compliance requirements; putting new controls in place; and restoring customer and employee confidence.
Loandepot has yet to formally settle a pending data breach complaint but said in its recent earnings filings the hack affecting nearly 17 million borrowers won't have a material impact on its full year financial results.
Mr. Cooper, which suffered an attack leaking the Social Security numbers of 14.7 million customers last October, has incurred
While some companies
A federal judge in June granted preliminary approval for a $6 million settlement between consumers and Overby-Seawell, a vendor for KeyBank and Fulton Bank, which was