A new report from IBM studying real-world data breaches experienced by 553 organizations between March 2022 and March 2023, found that artificial intelligence (AI) use and whether or not firms involved law enforcement had the biggest impact on the speed of breach containment and costs.
Specifically, the Cost of Data Breach Report found that organizations making extensive use of AI and automation experienced a data breach lifecycle that was 108 days shorter compared to organizations which had not deployed these technologies.
Ransomware victims that involved law enforcement saved $470,000 in average costs and reduced the breach lifecycle by 33 days. Despite this, 37 per cent of ransomware victims did not involve law enforcement when experiencing a ransomware attack.
“Some studied organizations remain apprehensive to engaged law enforcement during a ransomware attack due to the perception that it will only complicate the situation. For the first time this year, the IBM report (now it its 18th year of publication), looked closer at this issue and found evidence to the contrary,” they write.
Finally, they say only one third of the breaches were detected by an organizations’ own security team, 27 per cent were disclosed by the attackers and 40 per cent were disclosed by a neutral third party. “Data breaches disclosed by the attacker cost nearly $1-million more, on average, compared to studied organizations that identified the breach themselves,” IBM’s researchers write.
Organizations that deployed AI and automation extensively, meanwhile, saw, on average, nearly $1.8 million lower data breach costs than organizations without the technologies deployed. Nearly 40 per cent of the studied organizations are not yet deploying security AI or automation.