This article presents key findings from 2024 reports on data breaches. Breaches are taking longer to resolve and are becoming more costly for organizations. With recovery times extending and costs increasing, businesses face growing challenges in managing the aftermath.
Full recovery from breaches takes longer than expected
In 2024, businesses reported taking an average of 7.3 months to recover from cybersecurity breaches – 25% longer than expected and over a month past the anticipated timeline of 5.9 months. Recovery times were even worse for companies that planned on cutting back cybersecurity spending. They faced an average of 68 incidents each – 70% above the average – and their recovery times stretched to 10.9 months, more than five months longer than those maintaining or increasing their budgets.
Identity-related data breaches cost more than average incidents
40% of respondents reported an identity-related security breach. Of those, 66% reported it as a severe event that affected their organization. 44% estimated that the total costs of identity-related data breaches exceeded the cost of a typical data breach. By sector, agriculture and aerospace estimated that identity-related data breaches tended to cost them the most, with 50% and 43% of respondents noting that breaches had cost them more than $10,000,000 (respectively).
Data breaches trigger increase in cyber insurance claims
Over the last year in particular, data breaches have emerged as one of the fastest growing areas of US class action litigation. Over 1,300 were filed across a wide range of data privacy regulations in 2023, more than double the number filed in 2022 and four times that filed in 2021, according to law firm Duane Morris.
Average data breach cost jumps to $4.88 million, collateral damage increased
IBM revealed that the global average cost of a data breach reached $4.88 million in 2024, as breaches grew increasingly disruptive and placed greater demands on cyber teams. The disruptive effects data breaches are having on businesses are not only driving up costs, but are also extending the after-effect of a breach, with recovery taking more than 100 days for most of the small number (12%) of breached organizations that were able to fully recover.
Ransomware fallout: 94% experience downtime, 40% face work stoppage
66% of organizations that suffered a data breach in the last year chose to publicly disclose information regarding their incidents, while 30% only disclosed their breaches to impacted parties.
Third-party breaches shake the foundations of the energy sector
90% of the world’s largest energy companies experienced a third-party breach in the past 12 months. 33% of energy companies had a C Security Rating or below, indicating higher likelihood of breach.
1 out of 3 breaches go undetected
Organizations continue to struggle in detecting breaches as they become more targeted and sophisticated, with more than 1 out of 3 organizations citing their existing security tools were unable to detect breaches when they occur. 31% of organizations only detected a recent breach when they received an extortion threat from the adversary.
51% of enterprises experienced a breach despite large security stacks
Threat actors are continuing to successfully breach across the entire attack surface and the stakes are only getting higher: 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result. On average, enterprises already have 53 security solutions in use across their organization, however, despite large security stacks, 51% of enterprises reported a breach over the past 24 months.