In our March 2024 blog post, “Study Finds Average Cost of Data Breaches Continued to Rise in 2023,” we highlighted the key findings of the Ponemon Institute’s Cost of a Data Breach Report 2023. Each year, the report sets forth a vast dataset analyzing data breaches at hundreds of organizations to spot trends and developments in security risks and best practices. The Ponemon Institute recently published its Cost of a Data Breach Report 2024, showing an increase in data breach costs in many areas of business.
The key findings of the report include the following:
- Rising Costs: Reaching an all-time high, the average cost of a data breach globally was $4.88 million in 2024, representing a 10% increase from 2023, when the average cost was $4.45 million. Driving these increases were the cost of (1) lost business, including operational downtime and lost customers, and (2) post-breach response, including staffing customer service help desks and paying higher regulatory fines.
- Top Countries and Regions: For the 14th year in a row, the United States led all countries and regions globally with an average cost per data breach of $9.36 million in 2024, representing a slight decrease from 2023, when the average cost of a breach was $9.48 million. The other four of the top five countries and regions globally experiencing the highest average costs of a data breach were the Middle East at $8.75 million, Benelux at $5.9 million, Germany at $5.31 million, and Italy at $4.73 million.
- Industry Highs and Lows: The industry with the highest average cost of a data breach in the United States continued to be healthcare, which saw an average of $9.77 million, a decrease from 2023 when the average cost of a breach in the industry was $10.93 million. By contrast, the financial industry came in second place with an average cost of $6.08 million per breach, while the public sector came in last place with an average cost of $2.55 million per breach.
- AI Tools: Two out of three organizations that participated in the study deployed AI tools across their security operations, a 10% increase from 2023. When deploying these tools extensively across prevention workflows, organizations averaged $2.2 million less in breach costs compared to those not using AI tools within such workflows.
- Types of Data: The most common type of data stolen or compromised was customer and employee personally identifiable information, including tax ID numbers, emails, and home addresses.
- Causation: Malicious actors committed 55% of all breaches, while 45% were due to either IT failure or human error.
- Breach Lifecycle: In 2024, it took an average of 258 total days to identify and contain a data breach, reaching a seven-year low, compared to the average of 277 total days in 2023. Data breaches with lifecycles of more than 200 days on average cost $5.46 million, a 10.3% increase from 2023 when the average cost was $4.95 million. Conversely, data breaches with lifecycles of less than 200 days on average cost $4.07 million, a 3.6% increase from 2023 when the average cost was $3.93 million.
As concerns around the costs associated with data breaches continue to be the focal point of many service agreement negotiations, the Cost of a Data Breach Report 2024 can help organizations determine the actual financial risks associated with the data being exchanged under such agreements.