IBM: Data Leaks Cost Companies an Average of 4.3 Million Euros

Those who rely more on AI and automation shorten the life cycles of leaks by 81 days and reduce the follow-up costs per incident by 1.76 million euros.

Every summer, IBM Security publishes figures on how high the average cost of a data leak is. This refers to violations of the security, integrity or availability of data. For the current year, the costs per incident in Germany amount to 4.3 million euros. This is a slight decrease compared to the previous year. At that time, the comparable figure was 4.41 million euros.

In addition, IBM notes that the analysed German companies need an average of 182 days to uncover and contain data leaks. That is 95 days fewer than the global average of 277 days.

The figures are based on an analysis of real data leaks reported by 553 companies worldwide between March 2022 and March 2023. The study, commissioned and analysed by IBM Security, was conducted by the Ponemon Institute and has been published for 18 years.

AI gaining momentum

According to the study, AI and automation had the greatest impact on the speed with which the companies surveyed were able to detect and contain data leaks. German companies that relied heavily on both technologies had a data leak lifecycle 81 days shorter than companies that did not use these technologies (160 days versus 241 days).

Silence costs

Ransomware victims in the study who engaged law enforcement saved an average of $470,000 (approximately €418,000) in costs per incident globally compared to those who did not engage law enforcement. Despite these potential savings, 37% of the ransomware victims studied did not involve law enforcement when a ransomware attack occurred.

Gaps in detection

Only one-third of incidents studied globally were detected by companies’ own cyber security teams, while 27% were disclosed by the attackers. Data leaks that were only revealed by the attackers cost a global average of nearly $1 million (about €890,000) more than those at organisations that detected the attacks themselves, according to the study.