
Breach costs soar as record ransomware payment made

IBM publishes data on the spiralling costs of cyber attacks and data breaches, while researchers identify what appears to be the largest ransomware payment ever made

The average cost of a data breach in the UK rose to £3.58m for incidents occurring between March 2023 and February 2024, up 5% on the previous 12-month period and reversing an earlier downward trend. Financial services organisations saw the costliest incidents, followed by professional services and technology, with each of those sectors averaging £5.4m or more per breach.

This data, contained in the 19th annual IBM Cost of a data breach report, reveals much about how disruptive cyber attacks are becoming and how much collateral damage they cause, with much of the cost increase attributable to lost business and to post-breach responses to customers and third parties. Recovery times are also being affected: only a minority of organisations (just 12%) reported having fully recovered from their breach, and for those that did, recovery took well over 100 days.

Other key factors making breaches more costly included fines for regulatory non-compliance, and impacts on internet of things (IoT) or operational technology (OT) estates and on supply chain partners.

“In a landscape marked by increasing cyber threats, this year’s report highlights critical vulnerabilities and strategic opportunities,” said Martin Borrett, technical director of IBM Security for the UK and Ireland.

“Worldwide, organisations with severe security staffing shortages were affected by a substantial rise in breach costs.

“Security AI and automation are effective in supporting team efforts to identify and accelerate incident response, helping UK companies reduce both breach expenses and business impact,” he said. “Robust, AI-driven security measures are essential, and addressing regulatory non-compliance and IoT vulnerabilities remains crucial.”

IBM’s report comes alongside disclosures from the research team at Zscaler’s ThreatLabz unit, which earlier revealed it had identified a record-breaking ransom payment of $75m (£58.5m), made by an unknown victim to the Dark Angels ransomware group.

Similar tactics

Zscaler said it believed Dark Angels’ “success” in driving ransom payments to new heights would motivate other cyber criminal gangs to use similar tactics against their victims, heralding more such payments and, ultimately, costs.

“This is an alarmingly high figure, and most organisations would never believe cyber crime could cost them so much, or that they would ever be in a position where paying millions to an attacker is even a possibility,” said Barrier Networks chief technology officer Ryan McConechy.

“Attackers will often research a target’s accounts to set the ransom at a figure it can afford, which is also slightly lower than the cost of operational downtime and rebuilding systems from scratch,” he said.

“This is what makes ransomware so successful ... But losing such a lot of money will undoubtedly have had a toll on the organisation – it doesn’t matter how big you are, $75m is a massive hit, and no one can say if this enabled them to get back online fully.”

Stolen credentials lead cause of breaches

The IBM report went on to share some further statistics on the financial impacts of cyber breaches affecting UK organisations.

In terms of initial causes of breaches and incidents, stolen or compromised credentials were the most common initial attack vector, with an average total cost of £4.27m per breach; phishing (£3.59m per breach) and business email compromise (£4.03m) followed. Breaches caused by malicious insiders were the most expensive of all, costing an average of £4.36m.

Meanwhile, incidents that arose through data visibility gaps – where data is spread across multiple environments, such as public and private clouds or on-premises systems, without a consolidated view of where it resides – cost an average of £3.5m and took the longest to identify and contain, at over 250 days.

Globally, over half of the organisations studied were experiencing severe or high-level security staffing shortages, and those organisations incurred breach costs averaging more than $1.75m higher than those that were adequately staffed.

Automation and AI, a path forward

IBM also uncovered evidence that those organisations adopting AI-powered security products and services may be set to reverse the rising costs of breaches and incidents in the future.

Those that had already deployed security AI and automation detected and contained incidents an average of 106 days – over three months – faster than those that had not, and incurred average breach costs £1.06m lower. As with the rest of the report, these figures are averages across the organisations surveyed rather than controlled comparisons, so they show an association with lower cost rather than proving that the tooling alone caused it.

“The IBM 2024 Cost of a data breach report underscores the urgent need for businesses to invest in robust security measures, including AI-powered prevention and automation technologies,” said TechUK chief operating officer and markets director Matthew Evans.

“As organisations continue to adopt generative AI technologies, addressing the new security vulnerabilities that come with them and prioritising investments in security staffing and training is crucial,” he said. “By enhancing security measures and leveraging advanced technologies, businesses can better protect their data and mitigate the far-reaching impacts of breaches.”
