According to IBM's recently released "2023 Cost of a Data Breach Report", the average cost of a data breach in 2023 is as high as $4.45 million, a record high. The five major industries of healthcare, finance, pharmaceuticals, energy, and industry have the highest cost of data leakage, with the average cost of healthcare ($10.93 million) significantly higher than that of other industries. 
The four main findings of the report are as follows:
Found.
1. The average cost of a data breach is at an all-time high in 2023, but enterprise security investments are divided. Since 2017, the average cost of a data breach has been rising almost steadily. In 2017, the average cost was "only" $3.62 million. It will reach an all-time high of $4.45 million in 2023. Over the past three years, the average cost of non-compliance has increased by 15%. The industries with the highest average cost of data leakage are: healthcare ($10.93 million), finance ($5.9 million), pharmaceuticals ($4.82 million), energy ($4.78 million), and industrials ($4.73 million).
The average cost of an attack in the healthcare industry is almost twice that of other industries, due to the huge attack surface of healthcare organizationsHealthcare organizations are more focused on operational outcomes than safety;As well as the higher value of medical data and the fact that it is heavily regulated, regulatory compliance penalties can lead to higher attack costs.
Geographically, the countries and regions with the highest average cost of data breaches are: the United States ($9.48 million), the Middle East ($8.07 million), and Canada ($5.13 million). In most cases, threat actors prioritize targeting affluent areas.
According to the comprehensive statistics of average cost and frequency, the three most costly attack methods that cause data leakage losses are as follows:
Phishing is the most common attack method and the second most costly act of vandalism for organizations ($4.76 million). Stolen or compromised credentials are also common, and the cost of damage is quite high (US$4.62 million). Malicious insiders are the uncommon attack vectors, but they cause the most costly damage ($4.9 million). When asked whether to increase their security investments in the wake of a data breach, 51% of respondents said they would increase their security spending (with significant divergences), including:
50% will invest in incident response planning and testing, 46% will invest in employee security awareness training, 38% will invest in threat detection and response technology, 32% will invest in identity and access management (IAM), 31% will invest in managed security services (MSS), 25% will invest in data security tools, and 10% will invest in cybersecurity insuranceFinding 2: There are significant cost savings from using DevSecOps methodologies, deploying incident response teams, and using security and AI automation. The report found that the use of artificial intelligence and automated security technologies has a direct impact on the average cost of a data breach. Organizations that invest in and deploy AI and automation extensively save an average of $1.76 million per breach, in addition to reducing incident response time by 108 days, compared to organizations that don't use AI and automation at all. Organizations that use high-level DevSituations methodologies or incident response planning and testing save millions of dollars compared to organizations that use low-level or non-existent DevSituations methodologies or incident response planning and testing:
Organizations using the DevSecOps methodology saved $1.68 million, and organizations with incident response teams and regular testing saved $1.49 millionFinding three: When compromised data is stored in multiple environments, it is most costly and takes longer to contain the breach. 39% of compromised data is stored in multiple types of environments: public cloud, private cloud, hybrid cloud, and even on-premises. The cost of such a data breach is also $750,000 higher. Multi-environmental data breaches also took the longest time to contain, reaching 291 days. That's 15 days longer than the overall average:
Finding 4: Detection of attacks by internal security teams can dramatically reduce containment time and cost savings. Organizations that identify attacks through internal security team detection (241 days) are able to contain attacks faster than through third-party (273 days) or attacker disclosures (320 days). The average cost of a breach detected by an attack within an organization is also lower at $4.3 million, compared to $4.68 million for third-party notifications and $5.23 million for attacker disclosures. There is a very strong correlation between the time spent and the money spent by the organization.
When law enforcement agencies are involved in identifying and mitigating attacks, the average cost and time to identify and contain attacks is significantly reduced. The average cost of a spill was $4.64 million when law enforcement agencies were involved, and $5.11 million when non-involvement. In addition, the average containment time for attacks involving law enforcement agencies was 276 days, compared to 306 days without involvement.
Finally, the report gives four recommendations for enterprise data security capacity building:
1. Integrate security into every stage of software and hardware development and test it regularlyAdopt a DevSecOps approach to apply the same principles to cloud environments for application testing or penetration testing by adopting security by design and security by default principles in the initial design phase2. Protect data across hybrid cloud environmentsGain visibility and control over data in your hybrid cloud environmentDeploy data activity monitoring solutions as data moves between databases, applications, and services3. Use artificial intelligence and automation to improve speed and accuracyEmbed artificial intelligence and automation across your entire security toolset to enhance threat detection, response, and investigation. Integrate core security technologies with proven AI technology for seamless workflows and shared insights, and use threat intelligence reports for pattern recognition and threat visibility. Fourth, enhance resilience by understanding your attack surface and practicing incident response (IR).Understand the attack risks faced by your industry and organization, use ASM tools or adversary simulation techniques to understand the risk landscape and vulnerabilities from an attacker's perspective, build a team that is well-versed in IR protocols and tools, develop an IR plan, conduct regular testing, and consider hiring an IR vendor to speed up incident response [GoUPSEC].