Just like everything else, the cost of a data breach continues to rise.
In fact, the average cost of a data breach is nearly $5 million according to IBM's Cost of a Data Breach report. The $4.88 million figure is an alarming 10% increase from the prior year, and the largest annual jump since the COVID pandemic.
The report is based on a joint study with the Ponemon Institute covering more than 600 organizations that reported a data breach. This year's study included 17 industries in more than 16 countries and regions, with compromised individual records ranging from 2,000 to 113,000, and also drew on interviews with executives and security professionals.
How is the Average Cost of a Data Breach Calculated?
The average data breach cost of $4.88 million is based on four cost categories: detecting the breach, notifying victims, post-breach response efforts, and lost business. Of the four, lost business and post-breach activities accounted for nearly $2.8 million of the average, the highest combined amount since 2018. This is likely tied to the 70% of breached organizations that reported significant or very significant disruptions.
What Makes a Data Breach so Expensive?
The rising cost of data breaches is not driven by volume alone. Ancillary expenses beyond the breach itself, such as hiring forensic experts, reputational damage, staffing or contracting support hotlines, and providing free credit monitoring, can significantly increase the total cost. Add to that the looming threat of regulatory fines, which are only growing in size.
It is important to note that the report depends on self-reporting and does not take ransomware payments into account. So while the report puts the average cost of a data breach at $4.88 million, the real number may be considerably higher.
The Winner’s Circle… Healthcare, Industrial, Phishing and the United States
To no one's surprise, the healthcare industry has the distinction of the highest average cost of a data breach. The 2024 average for healthcare is $9.77 million, slightly lower than the 2023 average of $10.93 million.
The industrial sector, including manufacturing, engineering and chemical process companies, experienced the largest increase in breach costs, with an average increase of nearly $830,000 per breach over the past year. This sector is highly regulated and susceptible to the costs of operational downtime, which is most likely the reason behind the large per-breach increase.
When it comes to cost per breach by country and region, the United States takes the gold for the 14th year in a row, with an average breach cost of $9.36 million.
And finally, the report found that the majority of breaches were traced back to phishing attacks or compromised credentials, both costing around $4 to $5 million per breach.
The Impact of Law Enforcement on Ransomware
One interesting finding from the report is that involving law enforcement led to an average of $1 million in cost savings and reduced the time to identify and contain an incident by 16 days (the average data breach takes 200 days to identify and contain, based on the report). Even more encouraging, two-thirds of those who involved law enforcement did not pay any ransom at all.
So if you are experiencing a ransomware attack, we recommend referencing the FBI's ransomware resource page for law enforcement resources and contact information.
If you have any questions about the potential impact of a data breach or how to be better prepared, please contact our team at [email protected].
You can download the full IBM Cost of a Data Breach report here.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.
To learn more, visit our dedicated Cybersecurity page.