Cost of a data breach 2024: Financial industry

Authors

Doug Bonderud

Writer

According to the IBM Cost of a Data Breach 2024 report, the average global breach cost has reached USD 4.88 million — a significant increase over last year’s USD 4.45 million and the biggest jump since the pandemic.

For financial industry enterprises, costs are even higher. Companies now spend USD 6.08 million dealing with data breaches, which is 22% higher than the global average.

Here’s what financial organizations need to know about this year’s Cost of a Data Breach report.

2024 at a glance: Time-consuming and costly

Financial firms had the second highest breach cost of any industry; only healthcare attacks were more expensive. Both healthcare and finance saw the same costs for large-scale breaches: When 50 million records or more were compromised, average costs skyrocketed to USD 375 million.

Malicious attacks remained the top attack vector in finance, at 51%, but IT failures and human error each accounted for roughly one-fourth of all attacks, at 25% and 24%, respectively.

In terms of detection time, financial industry organizations took an average of 168 days to identify and 51 days to contain a breach. While this is lower than the global average of 194 days to identify and 64 days to contain, it’s still a significant period of time.

Consider that 168 days works out to just under six months. That’s six months of attackers infiltrating systems, carrying out reconnaissance and compromising accounts.

Tracking data breach trends over time

Simply put, costs are going up.

In 2021, the average cost of a data breach for financial firms was USD 5.72 million. By 2022, it reached USD 5.97 million and remained stable at USD 5.9 million for 2023. This year saw a 3% jump in average breach costs, plus a USD 40-million bump in the cost of 50-million-plus record breaches.

But it’s not all bad news. Detection times are nine days shorter, and containment times are five days faster. In addition, 2024 saw a significant reduction in human error. As noted above, 24% of breach root causes this year were tied to accidental activity. In 2023, meanwhile, this number was 33%.

Where financial firms are investing in security — and how it can help

To help reduce the risk of data breaches, finance firms are spending more on incident response (IR) and identity and access management (IAM). Reduced costs make the impact clear: Companies with IR teams and robust security testing save USD 248,000 per year on average, while those with IAM solutions save up to USD 223,000 each year.

The biggest success stories for financial IT investment, however, are AI and automation. According to study data, firms that use AI and automation save an average of USD 1.9 million compared to those that don’t.

It’s worth noting, however, that just 24% of generative AI initiatives are secured. As a result, it’s critical for financial firms to develop security frameworks for these tools or run the risk of AI becoming an additional threat vector.

The role of regulation in financial security

Both investment and intelligent security management are critical for finance firms, given the scrutiny they face from regulatory agencies and the large number of compliance regulations they need to navigate.

For example, while firms are familiar with anti-money laundering (AML) rules under the Bank Secrecy Act (BSA) and the segregation of duties required by the Sarbanes-Oxley Act, they may encounter challenges with more regional regulations such as CCPA, GDPR and the LGPD. Under GDPR, for instance, financial organizations could face fines of up to 2% of the previous year’s revenue or 4% if they have already been penalized for a first offense.

Put simply? The costs of a data breach for financial firms go beyond detection, removal and remediation. Delays in finding and eliminating threats can lead to additional regulatory costs that may outpace initial expenses.

As the Cost of a Data Breach 2024 report shows, however, robust investment in IR, IAM and AI can help companies shore up defenses and keep costs down.
