BY Fraser Tennant
The global average cost of a data breach in the financial services (FS) sector was $6.08m in 2024, further expanding demands on firms’ cyber teams, according to a new report by IBM and the Ponemon Institute.
In its ‘Cost of a Data Breach Report 2024’, IBM reveals that the FS sector had the second-highest average breach cost of the 17 industries examined in the report – 22 percent higher than the cross-industry average cost of $4.88m.
The top three initial attack vectors affecting banks, insurers and other financial institutions were phishing, compromised credentials and cloud misconfigurations. Only 28 percent of FS firms made extensive use of security artificial intelligence and automation last year, but those that did saw average cost savings of $1.9m per incident compared with institutions that did not.
According to the report, attacks on FS institutions typically took 168 days to identify and 51 days to contain – faster than the cross-industry averages of 194 days and 64 days, respectively.
Additional cross-industry findings in the 2024 IBM report include: (i) more organisations faced severe staffing shortages in 2024 compared to the prior year; (ii) 44 percent of breaches involved data stored across multiple environments including public cloud, private cloud and on-prem; and (iii) organisations would increase the cost of goods or services because of a breach – a slight increase from last year and the third consecutive year that the majority of businesses would push breach costs to consumers.
“Businesses are caught in a continuous cycle of breaches, containment and fallout response,” said Kevin Skapinetz, vice president of strategy and product design at IBM Security. “This cycle now often includes investments in strengthening security defenses and passing breach expenses on to consumers – making security the new cost of doing business.
“As generative AI (GenAI) rapidly permeates businesses, expanding the attack surface, these expenses will soon become unsustainable, compelling business to reassess security measures and response strategies. To get ahead, businesses should invest in new AI-driven defences and develop the skills needed to address the emerging risks and opportunities presented by GenAI.”
The report is based on an in-depth analysis of real-world data breaches experienced by 604 organisations globally between March 2023 and February 2024. The research, conducted by Ponemon Institute, and sponsored and analysed by IBM, has been published for 19 consecutive years.