As recently reported by HealthITSecurity, IBM Security’s 2023 Cost of a Data Breach Report revealed that the average cost of a healthcare data breach was almost $11 million in 2022, an $800,000 increase from the prior year and a 53% increase from 2020. The report further revealed that the global average cost of a data breach across all sectors in 2023 was $4.45 million, a 15% increase over the past three years.
IBM’s report analyzed 553 organizations impacted by data breaches between March 2022 and March 2023. To calculate the cost of data breaches, the researchers who prepared the report took detection, isolation, notification, post-breach response, and lost business costs into account.
The researchers found that the healthcare sector experienced the highest average cost of any industry for the 13th consecutive year. Critical infrastructure faced average breach costs that were significantly higher than those of other industries, and U.S.-based organizations faced higher breach costs overall than organizations in any other country.
The IBM report further included these key findings:
- Approximately 5% of the breaches studied were the result of known vulnerabilities that had yet to be addressed;
- Despite an increased emphasis on cybersecurity, benign third parties or the threat actors themselves were more likely to identify a breach than the organization's internal security teams;
- A shorter breach lifecycle was associated with an overall reduction in total cost for the breach;
- Nearly a quarter of all attacks that were analyzed involved ransomware;
- Organizations that stored data in public cloud systems and multiple environments experienced higher costs and longer breach lifecycles; and
- Only 51% of organizations that suffered a breach reported increasing security investment following the breach.
The IBM report underscores the critical importance of security teams being vigilant and organizations making appropriate investments in cybersecurity. While cybersecurity initiatives can be costly, the average expense of a data breach more than justifies that cost. Moreover, ensuring that your organization has the requisite procedures in place to identify, investigate and remediate a potential data breach quickly and efficiently is critical to minimizing both harm and expense.
Organizations would be well advised to review their HIPAA/HITECH policies and procedures, their compliance programs, and their cybersecurity insurance to ensure they have taken all necessary steps to minimize these risks and prepared their organizations to promptly respond should an incident arise.