Saturday, January 18, 2025

Record ransomware payment leads to soaring breach costs

The average cost of a data breach in the UK rose to £3.58m in the period from March 2023 to February 2024, a 5% increase on the previous 12-month period. Financial services organisations are experiencing the most costly incidents, followed by professional services and technology, with all averaging over £5.4m.

The 19th annual IBM Cost of a Data Breach report highlights the growing impact of cyber attacks and the collateral damage they are causing. Factors contributing to the increased costs include lost business, post-breach customer and third-party responses, fines for non-compliance with regulations, impacts to internet of things (IoT) or operational technology (OT) estates, and effects on supply chain partners.

IBM’s technical director of security for the UK and Ireland, Martin Borrett, emphasises the need for robust security measures and for addressing regulatory non-compliance and vulnerabilities in IoT. The report also reveals that organisations with severe security staffing shortages saw a substantial rise in breach costs, while security AI and automation can help reduce expenses and business impact.

In a separate disclosure, Zscaler’s ThreatLabz unit reported a record-breaking ransom payment of $75m made to the Dark Angels ransomware group. The success of this payment is expected to motivate other cyber criminal gangs to adopt similar tactics, leading to more ransom payments and increased costs for organisations.

The IBM report also highlights the financial impacts of cyber breaches in the UK, with stolen credentials being the most common initial attack vector, followed by phishing and business email compromise. Breaches caused by malicious insiders were the most expensive. Organisations experiencing data visibility gaps incurred average costs of £3.5m and took over 250 days to identify and contain the incidents.

Organisations that have adopted AI-powered security products and automation technologies are able to detect and contain incidents more quickly and incur lower costs. It is essential for businesses to invest in robust security measures, including AI-powered prevention and automation technologies, in order to protect their data and mitigate the impacts of breaches.