Brian Sims
Editor

Average cost of data breach episodes for UK firms totals £3.4 million

IBM SECURITY has issued its annual Cost of a Data Breach Report, which reveals that UK organisations pay an average of £3.4 million for each data breach episode. The detailed study also finds that the use of Artificial Intelligence and automation can exert the biggest impact on UK businesses’ speed of breach identification and containment.

According to the 2023 study, organisations that deployed security, Artificial Intelligence (AI) and automation extensively – ie throughout security operations and within several different toolsets and capabilities – paid an average of £1.6 million less in data breach costs than those organisations choosing not to leverage these technologies.

Only 28% of those UK organisations surveyed during the study period are currently deploying security, AI and automation extensively, with a further 37% not yet adopting these technologies.

This year’s report shows a decrease in the total average cost of a data breach in the UK from £3.8 million in 2022 to £3.4 million today, but that figure still represents a 9% increase since 2020.

Martin Borrett, technical director for IBM Security UK and Ireland, commented: “With a 108-day average reduction in the breach lifecycle, security, AI and automation may be the driving forces needed to help defenders bridge the speed gap with attackers. The slight decline from last year in the overall cost of a data breach in the UK suggests the powerful impact security, AI and automation may already be exerting on early adopters.”

The 2023 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 553 organisations globally between March 2022 and March this year. The research, which is sponsored and analysed by IBM Security, was conducted by The Ponemon Institute.

Additional research findings

The UK industries exhibiting the highest average cost per data breach episode are financial services (£5.3 million), general services (£5.2 million) and technology (£4.9 million).

Stolen or compromised credentials were the most common entry point for attackers at 13%. Malicious insiders were the most expensive initial attack vector (£3.9 million), closely followed by business email compromise (at £3.86 million) and phishing (£3.85 million).

The global average cost of a data breach reached an all-time high of $4.5 million this year. While 95% of those organisations surveyed have experienced more than one breach, only 51% plan to increase their security investments.

Ransomware victims in the study that involved law enforcement in their dilemma saved $470,000 in terms of the average cost of a breach compared to those that chose not to involve the police. Despite these potential savings, 37% of ransomware victims studied did not involve law enforcement in responding to a ransomware attack.

Only one-third of studied breaches were detected by an organisation’s own security team compared to 27% that were disclosed by an attacker. Data breaches disclosed by the attacker cost nearly $1 million more on average compared to studied organisations that identified the breach themselves.

Loss of data

Nearly 40% of data breaches studied resulted in the loss of data across multiple environments including public cloud, private cloud and on-premises, showing that attackers were able to compromise multiple environments, while also avoiding detection. Data breaches studied that impacted multiple environments also led to higher breach costs (at $4.8 million on average).

Those critical infrastructure organisations studied experienced a 4.5% jump in the average costs of a breach compared to last year, increasing from $4.8 million to $5 million. That’s $590,000 higher than the global average.

*Download a copy of the 2023 Cost of a Data Breach Report at https://www.ibm.com/security/data-breach

**Read more about the report’s top findings by accessing the IBM Security Intelligence blog

***Register to attend the 2023 IBM Security Cost of a Data Breach webinar on Tuesday 1 August 2023 at 11.00 a.m. ET

****Connect with the IBM Security X-Force team for a personalised review of the findings: https://ibm.biz/book-a-consult.

*****For a closer look at the report’s recommendations visit Cost of a Data Breach Action Guide
