- IBM report reveals UK data breach costs average £3.58 million.
- Financial sector sees highest costs at £6.05 million per incident.
OUR TAKE
The escalating costs of data breaches in the UK underscore the critical need for robust cybersecurity measures. As companies face increasing financial burdens, the importance of proactive security strategies and investments in AI-driven solutions cannot be overstated.
— Zoey Zhu, BTW reporter
What happened
New research has outlined how the average cost of data breaches for UK companies is continuing to rise, with customers potentially bearing the brunt. A report from IBM claims that a 5% increase over the course of 2024 so far has brought the average data breach cost to £3.58 million per incident. This figure grows to an eye-watering £6.05 million for attacks in the financial sector, followed by over £5.51 million in professional services, and £5.4 million in tech.
Lengthy recovery periods are exacerbating the financial impact. Stolen credentials and phishing attacks were the leading tactics deployed as initial attack vectors in data breaches, leading to an average cost of £3.27 million and £3.59 million respectively. Over 60% of organisations worldwide have stated that they will increase the cost of goods and services this year as a result of breaches and the associated costs. Globally, only 12% of breached organisations said they were able to fully recover from a data breach, with most taking over 100 days to do so. Internal detection usually saves a company up to £1 million and shortens the process by 61 days in comparison to incidents disclosed by an attacker.
Why it’s important
Severe IT staffing shortages worldwide have resulted in higher breach costs, pushing companies to increase security budgets and invest in staff training. Additionally, business disruption and post-breach third-party and customer responses are driving up costs. Companies can try to mitigate the damage: most ransomware victims who involve law enforcement (63%) avoid paying the ransom. Victims that used security AI and automation to detect and contain incidents did so an average of 106 days faster than those without.
However, adopting Gen AI technologies is expected to introduce new risks for security teams. 47% of business leaders surveyed were concerned with new attacks targeting AI, and 51% were apprehensive about new security vulnerabilities and unpredictable risks this may bring. Martin Borrett, Technical Director, IBM Security UKI, stated, “In a landscape marked by increasing cyber threats, this year’s report highlights critical vulnerabilities and strategic opportunities. Worldwide, organisations with severe security staffing shortages were affected by a substantial rise in breach costs. Security AI and automation are effective in supporting team efforts to identify and accelerate incident response, helping UK companies reduce both breach expenses and business impact. Robust, AI-driven security measures are essential, and addressing regulatory non-compliance and IoT vulnerabilities remains crucial.”