Organizations Increase Use of AI and Automation to Mitigate Data Breaches
In 2024, the IBM Cost of a Data Breach Report has highlighted a significant and concerning trend: the global average cost of a data breach has escalated to $4.88 million, reflecting the escalating complexity and impact of cyber incidents. The report underscores the growing responsibilities placed on cybersecurity teams as these breaches continue to evolve and disrupt operations.
A noteworthy finding from the report is the adoption of artificial intelligence (AI) and automation by 67% of organizations. This represents nearly a 10% increase from the previous year. Among them, 20% reported utilizing generative AI security tools. Those organizations that deployed AI and automation for cybersecurity purposes managed to detect and contain incidents, on average, 98 days faster than their counterparts who did not leverage these technologies. Concurrently, the average data breach lifecycle has decreased to a seven-year low of 258 days, down from 277 days in the previous year, suggesting that such technologies may significantly enhance threat mitigation and incident response efforts.
The enhancement of internal detection capabilities has also contributed to shorter breach lifecycles. In 2024, 42% of breaches were identified by internal security teams or tools—a considerable rise from 33% the year prior. The use of such detection methods shortened the data breach lifecycle by 61 days, resulting in nearly $1 million in savings for those organizations compared to cases where breaches were reported by external parties.
The report further reveals the particularly troubling trend of intellectual property (IP) theft driven by data insecurities. Approximately 40% of breaches involved data stored across multiple environments, with over one-third linked to shadow data, which remains within unmanaged data sources. This lack of visibility contributes to a staggering 27% increase in IP theft. The average cost of stolen records also rose nearly 11% compared to the previous year, climbing to $173 per record. As businesses embrace generative AI initiatives, this data, along with other proprietary information, is becoming more accessible, necessitating a reevaluation of current security measures.
Key insights from the report provide further depth into the evolving landscape of cybersecurity. Stolen credentials accounted for 16% of initial attack vectors, highlighting their prominence as a vector for breaches. Additionally, the involvement of law enforcement during ransomware incidents led to an average saving of nearly $1 million in breach costs, suggesting that collaboration with authorities can be a strategic move for organizations facing cyber extortion.
Organizations in critical infrastructure sectors such as healthcare, financial services, and energy are experiencing the most significant breach costs, with healthcare alone incurring average costs of $9.77 million. The survey indicated that as a response to these incidents, 63% of organizations plan to increase prices, marking a continuation of the trend where operational costs stemming from breaches are passed on to consumers.
These findings indicate that organizations must remain vigilant as cyber threats evolve and intensify. The behaviors and tactics used by adversaries, such as initial access through credential theft and the subsequent exploitation of vulnerabilities, illustrate the critical importance of implementing sophisticated security measures and enhancing incident response protocols. By understanding these dynamics, businesses can better prepare themselves against the relentless tide of cybersecurity threats.
