Skip to main content
Email

The latest news in Healthcare IT – straight to your inbox.

Home
  • Main Menu
  • Subscribe
  • Topics
    • Video
    • Analytics
    • Artificial Intelligence
    • Cloud Computing
    • EHR
    • Government & Policy
    • Interoperability
    • Patient Engagement
    • Population Health
    • Precision Medicine
    • Privacy & Security
    • Telehealth
    • Women In Health IT

Regions

  • ANZ
  • ASIA
  • EMEA
  • Global Edition
Global Edition
Privacy & Security

Cyber breach costs approach $10M, on average, but can be mitigated by defensive AI

Several factors combined to hit healthcare hardest again this year, but new research by the Ponemon Institute and IBM Security also found that using artificial intelligence in security reduced attacks' severity in terms of cost and recovery time.
By Andrea Fox
July 31, 2024
02:32 PM

Photo: Pixabay/Pexels

While the costs of cybersecurity attacks have increased 10% over the prior year – representing the largest annual jump since the pandemic – use of artificial intelligence and automation in defensive cybersecurity workflows continued to cut breach costs, according to IBM Security's 2024 Cost of a Data Breach Report, conducted independently by the Ponemon Institute.

The key recommendation: Invest in artificial intelligence-driven defenses to "address the emerging risks and opportunities presented by generative AI," Kevin Skapinetz, IBM Security's vice president, strategy and product design, said in an announcement Tuesday.

AI can reduce breach severity

When used "extensively," organizations experienced an average of $2.2 million less in breach costs compared to those that did not use AI-driven defenses in their security workflows. It is the largest cost savings in the annual study, the company said.

In its 19th year, IBM's benchmark study analyzed real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024. 

The use of generative AI for business operations has increased rapidly across industries, expanding attack surfaces and introducing new risks for security teams. 

"These expenses will soon become unsustainable," Skapinetz said in a statement.

In healthcare, the most affected industry for the 14th year running, data automation and AI integrations leverage electronic health records and other systems, like patient portals. Many vendors now offer chatbot-based access to machine learning algorithms that streamline operations and reduce administrative burdens plaguing the healthcare ecosystem.

Across industries, the researchers found that 67% of the organizations analyzed deployed security AI and automation – nearly 10% year over year – while 20% noted they used some form of security tools that rely on machine learning. 

The increased use of AI tools in security cuts breach costs by an average of $2.2 million, the researchers found. Two out of three organizations studied this year are deploying security AI and automation across their security operation centers.

Law enforcement is another key to cost savings. Ransomware victims saved on average nearly $1 million in breach costs by bringing in such agencies.

While 70% of breached organizations reported that the attacks caused significant disruptions, the global average data-breach life cycle hit a seven-year low of 258 days – down from 277 days in the 2023 report. By improving threat mitigation and remediation activities, and using security AI and automation extensively to detect and contain cyber incidents, security teams put time back on their sides, the researchers said in a statement.

On average, 98 days faster than organizations not using these technologies, according to the analysis.

More money for tech workforces

Organizations are also facing more severe staffing shortages, which elevated overall breach costs to $5.74 million on average for high-level shortages compared to $3.98 million for lower-level ones, according to the report.

Since last year's study, there's been a 26% increase in shortages, resulting in an average of $1.76 million more in breach recovery expenses than those with minimal or no security staffing issues.

As a result, more organizations said they are planning to increase security budgets compared to last year – 63% compared to 51% – to address technical resource and skills gaps.

An uptick of employee training is a top-planned investment area, the researchers said.

Breaches traced to data visibility gaps

The breaches that took the longest to identify and contain – at an average of 283 days – involved data stored across multiple environments, including public cloud, private cloud and on-premises.

These types of breaches comprised 40% of those studied, with an average recovery cost of more than $5 million.

Of note, a 27% increase in intellectual property theft drove costs, up nearly 11% from the prior year to $173 per record. 

The researchers also said that the addition of genAI to networks pushes data closer to the surface, and attributed the most common initial attack vector across to stolen or compromised credentials (16%). 

Data exchange initiatives that break down silos target streamlined operations and compliance with information-sharing requirements in various industries, including healthcare.

With more activity across environments, organizations must reassess security and access controls, the researchers said.

Passing increased costs on to consumers

While organizations said they planned to invest more in incident response planning, testing, threat detection and response technologies, and better identity and access management, 63% of organizations stated they would increase the consumer cost of goods or services because of a breach this year.

"Businesses are caught in a continuous cycle of breaches, containment and fallout response," Skapinetz said in a statement. 

"This cycle now often includes investments in strengthening security defenses and passing breach expenses on to consumers – making security the new cost of doing business." 

Healthcare costs are on pace to rise 8% over the next year, and more than one in four adults indicated they skipped or postponed getting the healthcare they needed in the previous 12 months because of the cost, according to a recent KFF briefing on healthcare cost challenges in the U.S. 

Increased costs for any reason could ultimately affect healthcare access.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C. Learn more and register.

 

Topics: 
Analytics, Artificial Intelligence, Data Warehousing, Network Infrastructure, Privacy & Security, Workforce

More regional news

Patient does a virtual care consult

Castlight Health intros virtual urgent care for members

By
Mike Miliard
April 18, 2025
HIMSSCast logo

HIMSSCast: Should every healthcare organization have an AI strategy?

By
Mike Miliard
April 18, 2025
Nurse checks tablet to communicate on shift

Zoom launches agentic AI-powered mobile comms for frontline staff

By
Andrea Fox
April 18, 2025
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Nurse checks tablet to communicate on shift
Zoom launches agentic AI-powered mobile comms for frontline staff

Most Read

How UCHealth is reducing fall injuries with AI-enhanced risk modeling
2025: AI enhances personalized care; caregiver experience in the spotlight
Frontera launches with $32M in seed funding
Australia infuses $85M in digital mental health and more briefs
Korea University Medical Center pursues brain, heart AI development and more briefs
Roundup: AI and cloud tackle cyber risk and improve workflows

Research

White Papers

More Whitepapers

Telehealth
Create secure, connected omnichannel communications
Telehealth
Let us guide you to HIPAA compliance
Cloud Computing
How a cloud communications platform puts connection at the center of care

Webinars

More Webinars

Analytics
Standby Eligibility and Claims Solutions: Diversify Your Risk & Ensure Business Continuity
Interoperability
Nursing Leadership, Operational Innovation, and Emerging Technologies with AONL
Artificial Intelligence
Loving the AI Revolution: How Automation is Humanizing Healthcare and Improving Provider Well-Being

Video

Ilir Kullolli, Stanford Medicine Children's Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
HIMSS-ACCE working together to advance digital health
Vik Bajaj, Foresite Labs_Medical research Photo by Edward Jenner/pexels.com
Healthcare research is being affected by federal budget cuts
Priyanka Jain, Evvy_Hand holding sample vial Photo courtesy of Evvy
How one women's health startup tests fertility outcomes
Keisuke Nakagawa, UC San Diego Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
Can technology help bring the human touch back to medicine?

More Stories

Lee Kim, HIMSS_Las Vegas skyline Photo by halbergman/E+/Getty Images
Past year's data breaches often stemmed from remediable cybersecurity gaps
Cathy Menkiena, Health Catalyst_Las Vegas skyline Photo by halbergman/E+/Getty Images
Innovative – and useful – tech is key to empowering care teams
Sameer Sethi of Hackensack Meridian Health on AI
Hackensack Meridian Chief AI Officer on the intersection of business and technology
Doctor checking and tracking information on a computer
HHS updates regulatory guides for the safe use of EHRs
Sameer Sethi, Hackensack Meridian Health_Computer neural network concept Photo by dan/Moment/Getty Images
Chief AI Officer on becoming one and working with the C-suite
Businessperson signing piece of paper
White House releases guidance on federal AI use and procurement
Dr. Ateev Mehrotra of Brown University School of Public Health on telehealth policy
Brown University policy expert talks about the future of telehealth flexibilities
Micky Tripathi, former HHS acting chief AI officer
Former National Coordinator headed to Mayo Clinic, reports say
Home

More News

  • MobiHealthNews
  • Healthcare Finance News
  • Healthcare Payers News

Newsletter Signup

HIMSS25 European Health Conference & Exhibition
HIMSS25 European Health Conference & Exhibition
Get ready for knowledge-sharing, all the latest innovations, and in-depth demos with Europe's most influential healthcare community.
10 - 12 June, 2025 | Paris
Learn More
AI in Healthcare Forum
AI in Healthcare Forum
The HIMSS AI in Healthcare Forum cuts through the hype to showcase real-world examples illustrating the transformative potential, and realistic challenges of AI application across the care continuum.
10 - 11 July 2025 | New York
Learn More

Footer Menu

  • About
  • Advertise
  • Reprints
  • Contact
  • Privacy Policy

© 2025 Healthcare IT News is a publication of HIMSS Media

X

Topics

  • Video
  • Analytics
  • Artificial Intelligence
  • Cloud Computing
  • EHR
  • Government & Policy
  • Interoperability
  • Patient Engagement
  • Population Health
  • Precision Medicine
  • Privacy & Security
  • Telehealth
  • Women In Health IT

Career

  • Events
  • Jobs
  • Research Papers
  • Webinars

More

  • About
  • Advertise
  • Contact
  • Special Projects
  • Video

Regions

  • ANZ
  • ASIA
  • EMEA
  • Global Edition

The Daily Brief Newsletter

Get daily news updates from Healthcare IT News.

Search form

Top Stories

Nurse checks tablet to communicate on shift
Zoom launches agentic AI-powered mobile comms for frontline staff
HIMSSCast logo
HIMSSCast: Should every healthcare organization have an AI strategy?
Vik Bajaj, Foresite Labs_Medical research Photo by Edward Jenner/pexels.com
Healthcare research is being affected by federal budget cuts