While the costs of cybersecurity attacks have increased 10% over the prior year – representing the largest annual jump since the pandemic – use of artificial intelligence and automation in defensive cybersecurity workflows continued to cut breach costs, according to IBM Security's 2024 Cost of a Data Breach Report, conducted independently by the Ponemon Institute.

The key recommendation: Invest in artificial intelligence-driven defenses to "address the emerging risks and opportunities presented by generative AI," Kevin Skapinetz, IBM Security's vice president, strategy and product design, said in an announcement Tuesday.

AI can reduce breach severity

When used "extensively," organizations experienced an average of $2.2 million less in breach costs compared to those that did not use AI-driven defenses in their security workflows. It is the largest cost savings in the annual study, the company said.

In its 19th year, IBM's benchmark study analyzed real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024. 

The use of generative AI for business operations has increased rapidly across industries, expanding attack surfaces and introducing new risks for security teams. 

"These expenses will soon become unsustainable," Skapinetz said in a statement.

In healthcare, the most affected industry for the 14th year running, data automation and AI integrations leverage electronic health records and other systems, like patient portals. Many vendors now offer chatbot-based access to machine learning algorithms that streamline operations and reduce administrative burdens plaguing the healthcare ecosystem.

Across industries, the researchers found that 67% of the organizations analyzed deployed security AI and automation – nearly 10% year over year – while 20% noted they used some form of security tools that rely on machine learning. 

The increased use of AI tools in security cuts breach costs by an average of $2.2 million, the researchers found. Two out of three organizations studied this year are deploying security AI and automation across their security operation centers.

Law enforcement is another key to cost savings. Ransomware victims saved on average nearly $1 million in breach costs by bringing in such agencies.

While 70% of breached organizations reported that the attacks caused significant disruptions, the global average data-breach life cycle hit a seven-year low of 258 days – down from 277 days in the 2023 report. By improving threat mitigation and remediation activities, and using security AI and automation extensively to detect and contain cyber incidents, security teams put time back on their sides, the researchers said in a statement.

On average, 98 days faster than organizations not using these technologies, according to the analysis.

More money for tech workforces

Organizations are also facing more severe staffing shortages, which elevated overall breach costs to $5.74 million on average for high-level shortages compared to $3.98 million for lower-level ones, according to the report.

Since last year's study, there's been a 26% increase in shortages, resulting in an average of $1.76 million more in breach recovery expenses than those with minimal or no security staffing issues.

As a result, more organizations said they are planning to increase security budgets compared to last year – 63% compared to 51% – to address technical resource and skills gaps.

An uptick of employee training is a top-planned investment area, the researchers said.

Breaches traced to data visibility gaps

The breaches that took the longest to identify and contain – at an average of 283 days – involved data stored across multiple environments, including public cloud, private cloud and on-premises.

These types of breaches comprised 40% of those studied, with an average recovery cost of more than $5 million.

Of note, a 27% increase in intellectual property theft drove costs, up nearly 11% from the prior year to $173 per record. 

The researchers also said that the addition of genAI to networks pushes data closer to the surface, and attributed the most common initial attack vector across to stolen or compromised credentials (16%). 

Data exchange initiatives that break down silos target streamlined operations and compliance with information-sharing requirements in various industries, including healthcare.

With more activity across environments, organizations must reassess security and access controls, the researchers said.

Passing increased costs on to consumers

While organizations said they planned to invest more in incident response planning, testing, threat detection and response technologies, and better identity and access management, 63% of organizations stated they would increase the consumer cost of goods or services because of a breach this year.

"Businesses are caught in a continuous cycle of breaches, containment and fallout response," Skapinetz said in a statement. 

"This cycle now often includes investments in strengthening security defenses and passing breach expenses on to consumers – making security the new cost of doing business." 

Healthcare costs are on pace to rise 8% over the next year, and more than one in four adults indicated they skipped or postponed getting the healthcare they needed in the previous 12 months because of the cost, according to a recent KFF briefing on healthcare cost challenges in the U.S. 

Increased costs for any reason could ultimately affect healthcare access.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.

The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C. Learn more and register.