
URL: https://www.tripwire.com/state-of-security/cost-data-breach-key-takeaways
Submission: On September 06 via api from TR — Scanned from DE

2023 COST OF A DATA BREACH: KEY TAKEAWAYS


Posted on September 5, 2023



It’s that time of year: IBM has released its “Cost of a Data Breach Report.”
This year’s report is jam-packed with some new research and findings that
highlight how organizations are implementing security and risk mitigation
techniques to help identify and contain data breaches.


KEY TAKEAWAYS

 * The average total cost of a data breach has reached an all-time high in 2023
   of $4.45 million. This is an increase of 2.3% from last year’s $4.35 million.
 * Even with data breach costs rising, surveyed companies were split 49% to 51%
   on whether to increase security investments. Areas identified for investment
   included incident planning and response, employee training, threat detection
   and response technologies.
 * AI and automation investments show reduced costs and minimized time to
   identify and contain data breaches.
 * Cloud environments were frequent targets, and attackers often gained access
   to multiple environments: 39% of breaches spanned multiple instances, with an
   average cost of $4.75 million.
 * DevSecOps and Incident Response (IR) planning and testing adoption lead the
   way for cost saving, with DevSecOps saving organizations an average of $1.68
   million, and IR planning and testing saving $1.49 million.
 * Organizations with low or no security system complexity experienced an
   average data breach cost of $3.84 million, while organizations that had high
   levels of security system complexity reported an average cost of $5.28
   million, an increase of 31.6%.


WHAT’S THE DAMAGE?

In 2023, the average cost of a data breach has gone up again, from 2022’s
$4.35 million to $4.45 million. That’s an increase of 2.3%. The United States
took the top spot this year with the highest average cost of $9.48 million,
followed by the Middle East region with $8.07 million.
The numbers then drop somewhat precipitously, with Canada at $5.13 million,
Germany at $4.67 million and finally Japan with $4.52 million. The figure below
shows the top 10 countries or regions.

 

Image


Breaking down costs by industry, not much has changed, with Healthcare incurring
the highest cost of an average of $10.93 million per breach, followed by
Financial, Pharmaceuticals, Energy, and Technology to round out the top 5. It’s
important to note that a high average cost per breach doesn’t make an industry
the most targeted. IBM threat intelligence reports that Manufacturing was the
most commonly targeted industry in 2023. The graph below shows the cost of a
breach by sector.

Image


The attack vectors commonly used should be no surprise to anyone, with phishing
being the most widely used at 16%, followed by stolen or compromised
credentials, cloud misconfiguration, compromised business email, and zero-day
vulnerabilities.


SECURITY INVESTMENTS

The global cost of data breaches has been on the rise. With that in mind, many
would think that organizations would increase their spending on security
investments. Following a data breach, 51% of companies said they would increase
spending, and 49% said they would not increase spending. The most common
investment types for those organizations increasing their spending were in IR
plan and testing at 51%, followed closely by employee training at 46%.

Within organizations, investments in security AI and automation are starting to
see increased utilization, and their cost savings are delivering impressive
numbers. Of the organizations surveyed, only 28% extensively used security AI
and automation tools, while 33% had limited use. This leaves nearly 4 in 10
relying on just manual inputs in their security operations. The graphs below
paint a picture of the utilization of AI and the cost savings benefits it
provides in the event of a data breach.

 

Image


As shown above, organizations that used security AI and automation extensively
saw a dramatic difference in breach cost of 39.3% compared to those with no use
at all. Even limited use still provides a 28.1% difference. It is interesting to
note that the average cost of a data breach for organizations with no use of AI
or automation was 18.6% greater than the 2023 average cost of a data breach.


LIGHT AND DARK SIDE OF CLOUD STORAGE

There are many variables during a data breach. What was the attack vector, what
safeguards were in place that failed, and where was the data stored? Most
commonly, the breaches have data spanning multiple environments, including cloud
and on-premises. The graphs below show the storage locations, and the associated
costs.

 

Image


Figure 4.1 shows that the largest percentage of breaches, 39%, involved data
stored across multiple environments, followed by public cloud at 27%. Pair this
with figure 4.2: the cost of a breach associated with storing data across
multiple types of environments reached $4.75 million, while the lowest cost of
a breach was associated with private cloud data storage at $3.98 million, making
a 17.6% difference in cost.


KEY COST FACTORS

This year’s most effective cost mitigators were the DevSecOps approach, Employee
Training, and IR plan and testing. The DevSecOps approach had the greatest
effect on cost mitigation. This can be attributed to automating the integration
of security at every phase of the software development lifecycle. This allows
development teams to deliver better, more-secure code faster and, therefore,
cheaper. IR planning and testing is another important piece of the security
puzzle that organizations are starting to put together.

Having an IR plan in place can help mitigate the fallout of security events.
There are readily available resources from third parties, such as NIST, that can
guide you through the process of building a concrete IR plan.

Image


Figure 5.1 shows the massive cost savings among the top 3 cost-mitigating
factors. DevSecOps adopters had an average cost of $3.54 million, a difference
of 22.8% compared to the average cost of a data breach, while those with a low
level or no usage of DevSecOps had a significantly higher cost of $5.22 million,
15.9% greater than the average cost of a data breach.

Now that we’ve looked at the top three cost-mitigating factors, let’s look at
the top three cost-amplifying factors. These include security system complexity,
the security skills shortage, and noncompliance with regulations. Starting with
security system complexity, most people think of a complex security system as a
good thing, but that’s not always the case. When a security system becomes too
complex, the interdependencies have negative implications up and downstream.



Image


Organizations with high levels of security system complexity suffered a $5.28
million average cost for a breach. This reflects a difference of 17.1% compared
to the average cost of a data breach. The security skills shortage is estimated
to incur an 18.6% cost increase, and regulatory noncompliance can result in a
12.6% increase in the cost of a data breach.


RECOMMENDATIONS TO AID IN REDUCING THE COST OF A DATA BREACH

IBM Security outlines the following measures that an organization can take to
help reduce the financial and reputational impacts of a data breach:

 * Believe in the DevSecOps approach. Build security into every stage of the
   SDLC and deployments and conduct regular testing. Security should be at the
   forefront of every organization’s mindset, whether using commercial
   off-the-shelf software or developing software on their own. Developers
   should adopt a “secure by design and secure by default” mindset.
 * Ensure hybrid cloud solutions have the most current data protections in
   place. Jumping headfirst into the rapid adoption of new cloud applications
   and services can increase the risk of sensitive data not being properly
   secured. In the 2023 report, the majority (82%) of organizations that
   suffered data breaches had data stored in cloud environments. In the wake of
   these challenges, organizations should seek data security and compliance
   technologies that work on all platforms, allowing them to protect data moving
   across various environments.
 * Embrace AI and automation in your organization’s security practice for
   increased speed and efficiency. It’s no secret that AI and automation are
   being used more and more to streamline and strengthen security. Organizations
   that incorporated AI and automation saw cost savings of $1.8 million and
   accelerated the time to identify and contain a breach by more than 100 days,
   compared to organizations that did not use those tools. This strategy,
   packaged with threat detection and response tools, can help organizations
   detect new threats and accurately pinpoint security alerts.
 * Understand the attack surface, and implement and practice incident response.
   Knowing where you are exposed to attacks that are most relevant to your
   organization’s industry and prioritizing those needs can give you an upper
   hand when trying to keep your data safe and secure. Attack Surface Management
   (ASM) tools can help organizations identify their risk profile and
   vulnerabilities. Having IR planning and testing in place has shown itself to
   be a top three cost mitigator in the 2023 report. Organizations that planned
   and rehearsed IR had a $1.49 million lower data breach cost, compared to
   those that did not.

There is no “one-size fits all” approach that organizations can implement when
it comes to data security. Regulations require different policies and practices
to be in place, and the threat landscape is always changing.

There are many corners of the room where attackers are looking for an opening,
studying and planning their next moves. Understanding other organizations’
shortfalls, and improving upon them with the tools and practices learned from
the 2023 data breach report, are small steps towards a more secure future.



MATTHEW JERZEWSKI




Copyright © Fortra, LLC and its group of companies. All trademarks and
registered trademarks are the property of their respective owners.