The average total cost of a data breach reached $4.88 million in 2024, a 10% increase from the prior year and the highest figure recorded in the 19-year history of the IBM Cost of a Data Breach report. Healthcare remained the most expensive industry for data breaches for the 14th consecutive year, with costs averaging $9.77 million per incident, nearly double the cross-industry average.

The IBM report, which surveys more than 600 organizations that experienced data breaches between March 2023 and February 2024, identifies AI-enabled attacks and AI system vulnerabilities as two emerging cost drivers. AI-related breaches, where attackers exploited AI application dependencies, vendor access chains, or model inference endpoints, tend to move faster than conventional breaches and involve more data categories simultaneously.

Organizations that had deployed AI-based security tools fully throughout their operations saw average breach costs of $3.84 million, compared to $5.72 million for organizations with limited AI security deployment, a difference of $1.88 million per incident. The findings suggest that defensive AI applications can offset some of the risk from offensive AI capabilities.

The mean time to identify and contain a breach was 258 days for organizations without extensive AI security tooling, compared to 185 days for those with AI security deployed broadly. Speed of detection is the most significant driver of total breach cost, as breaches contained in fewer than 200 days cost substantially less on average.

Phishing and compromised credentials remain the two most common breach entry points, accounting for more than 30% of incidents combined. Third-party vendor breaches, which include the kind of supply chain vulnerabilities seen in AI application library compromises, represented approximately 15% of incidents.

Source: IBM -- https://www.ibm.com/reports/data-breach