Protection Provided By Your IT Team May Not Be Enough.
As anyone responsible for keeping a growing business running will tell you, budgets are stretched tighter than ever. Organizations of all sizes are always on the lookout for ways to increase efficiency and reduce expenses. In the face of those financial headwinds, cyberattacks - and the costs involved with recovering from them - continue to increase. But there are ways to prepare. (Please check out and register for our Cybersecurity Webinar Series, below.)
According to the comprehensive Cost of a Data Breach Report – 2023, from IBM Security® and the Ponemon Institute, the global average cost of a breach in 2023 climbed to $4.45 million, a $100,000 increase from 2022. The US continues to see the highest data breach costs, averaging a whopping $9.48 million last year.
A few other key insights from the report:
- Organizations with fewer than 500 employees are seeing data breach costs climb more aggressively than larger businesses. These smaller companies saw the average cost of a data breach increase from $2.92 million in 2022 to $3.31 million in 2023 – a 13.4 percent difference.
- Healthcare companies continue to report the highest data breach costs, increasing to $10.93 million in 2023, an 8.2 percent climb from 2022.
- Most of the organizations surveyed for the report – 57 percent – end up needing to pass along the costs of recovering from a breach to their customers, an unhappy situation all around.
- Making sure you have the right security in place makes a massive difference. Companies with fully deployed security spent $1.76 million less to recover from a breach than those without that level of protection. And the breach lifecycle - the time needed to identify, contain, and mitigate a breach - was 108 days shorter for well-protected organizations.
- Organizations that didn’t involve law enforcement in a ransomware attack paid 9.6 percent more – about $470,000 – than those that did report occurrences to authorities.
- Organizations with an incident response (IR) plan in place that was regularly tested saw an average of $1.49 million lower breach costs than those that had no plan.
What’s pushing up the costs of data breaches?
The report also sheds light on the reasons behind the increased cost of attacks. Two of the largest factors are:
- A shortage in security skills within an organization, which adds an average of $239,000 to the cost of a data breach.
- Non-compliance with relevant regulations, which adds $219,000 to the total.
What are the most effective cost mitigators?
Incident response (IR) planning and employee training can significantly shrink the costs of a breach. In the report, companies with high levels of IR planning and testing ended up paying $1.49 million (34.1 percent) less than those with little to no IR preparation.
Additionally, there was a $1.5 million (33.9 percent) difference in the cost of cyberattacks between companies with high levels of employee training and those with low levels.
External expertise shrinks the data breach lifecycle.
Organizations that utilized outside help from a managed security services provider experienced a 21 percent shorter breach lifecycle. These organizations were able to identify breaches 16 days faster and contain them 10 days sooner than those with no external assistance.
An IT talent shortage makes internal staffing challenging – and pricey.
Increased hiring costs and more employment opportunities than available candidates have made it difficult for smaller companies to find and keep skilled tech labor. The turnover rate for IT workers reached 13.5% in 2023.
To compound the problem, an aging workforce is shrinking the overall talent pool. The deficit in highly skilled tech workers (those with a college degree or high-level trade college qualification) is expected to reach more than 6.5 million people by 2030.
A more cost-efficient, effective approach.
To help bridge the gap in skills and people with the expertise to protect your business, we offer the right cybersecurity solutions for your business needs. To learn more about how CompassMSP can help, please contact us here, or call 833-444-2677.
Register for the next CompassMSP Cybersecurity Webinar