Only Half of Organizations Increase Security Spending After a Breach

It’s said that insanity is doing the same thing over again and expecting a different result, yet that is how half of organizations approach cybersecurity.

According to IBM’s annual Cost of a Data Breach report, only 51% of organizations plan on increasing their security budget in the wake of a data breach, essentially content to continue on the same course that led to the breach in the first place.

To make matters worse, IBM says, “the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% increase over the last 3 years.” It seems that almost no company has been spared, with 95% reporting multiple breaches.

Interestingly, while only a third of companies discovered a breach on their own, the companies that relied on AI the most were able to reduce the lifecycle of their data breach by an average of 108 days, from 322 days to 214.

Another telling data point is that only 37% of ransomware victims involved law enforcement, despite the fact that involving law enforcement led to an average savings of $470,000 per incident.

“Time is the new currency in cybersecurity both for the defenders and the attackers. As the report shows, early detection and fast response can significantly reduce the impact of a breach,” said Chris McCurdy, General Manager, Worldwide IBM Security Services. “Security teams must focus on where adversaries are the most successful and concentrate their efforts on stopping them before they achieve their goals. Investments in threat detection and response approaches that accelerate defenders speed and efficiency – such as AI and automation – are crucial to shifting this balance.”