Companies which utilize AI and automation in their security systems tend to incur lower financial damage if they have a security breach, a new IBM report shows.
This is IBM's 18th annual survey of company security. This year’s research was conducted independently by Ponemon Institute and studied 553 organizations impacted by data breaches that occurred between March 2022 and March 2023.
Key findings:
The average cost of a data breach reached an all-time high in 2023 of $4.45 million. This represents a 2.3% increase from the 2022 cost of $4.35 million. Taking a long-term view, the average cost has increased 15.3% from $3.86 million in the 2020 report.
The report revealed that advanced security technology has a big impact on how quickly organizations can identify and contain data breaches, in some cases reducing the average breach time-span by 108 days.
$1.76MÂ Potential Loss Reduction
The effect of extensive security AI and automation on the financial impact of a breach: security AI and automation were shown to be important investments for reducing costs and minimizing time to identify and contain breaches. Organizations that used these capabilities extensively within their approach experienced, on average, a 108-day shorter time to identify and contain the breach. They also reported $1.76 million lower data breach costs compared to organizations that didn’t use security AI and automation capabilities.
Martin Borrett, technical director of IBM Security for the UK and Ireland, says ,“With a 108-day average reduction in the breach lifecycle, security AI and automation may be the driving force needed to help defenders bridge the speed gap with attackers.”
Unfortunately the report found that only 28% of organizations are currently deploying this advanced technology extensively. Even worse, 37% of the companies surveyed had not used it at all.
The USA is the world leader in losses from data breaches: not an accolade to be particularly proud of: “For the 13th consecutive year, the United States held the title for the highest data breach costs at $9.48 million, an increase of 0.4% from last year’s $9.44 million,” the report states.
Utility companies need to take a long-term security outlook, with prioritizing defense of their most critical assets. Investment in AI-driven enhancements to security will be capital intensive but pay off in the long run.
Most Common Attack Vectors
The most common attack gateway for malicious actors was via stolen or compromised credentials, observed in 13% of cases, but the most expensive initial attack vector was found to be malicious insiders, followed by business email compromise and phishing.
IBM also reported that while 95% of organizations surveyed experienced more than one breach, only 51% had any plan to increase their security investment, a concerning statistic that takes on additional weight given the report revealed that only a third of studied breaches were detected by the victim’s own security team, compared with 27% that were disclosed by the attacker, for example, by boasting about their exploits on social media.
Security teams can benefit from having security AI and automation embedded throughout their tool sets. Organizations can deploy security AI and automation to help analysts detect new threats more accurately and contextualize and triage security alerts more effectively. These technologies can also automate portions of the threat investigation process or recommend actions to speed response. Additionally, AI-driven data security and identity solutions can help drive a proactive security posture by identifying high risk transactions, protecting them with minimal user friction and correlating suspicious behaviors more effectively.
In the constant struggle between companies and hackers, the use of AI and automation would seem to add another tool to protect companies against the losses that can come with data breaches.