IBM has released its 2024 Cost of a Data Breach Report. According to the report, the average cost per data breach incident worldwide in 2024 will be $4.88 million (about 6.761 billion won).

The average cost of data breaches for domestic companies this year was 4.833 billion won, the highest ever recorded in the seven years that Korean companies were included in the survey.

Seventy percent of respondents said a data breach had caused significant or very serious business disruption. The average cost of a leak increased 10% year-over-year, the largest increase since the pandemic.

The industries with the highest average outflow costs are professional services (legal, accounting, consulting, etc.), at approximately KRW 7.3 billion, followed by finance (KRW 7.2 billion), and manufacturing (KRW 6.28 billion).

According to the report, the main reasons for the increase in costs this year compared to the previous year were the worsening collateral damage caused by data breaches, resulting in business losses and the need to respond to customers and third parties after a breach.

More than half of the companies surveyed experienced severe staff shortages last year. The cost of breaches increased significantly by up to $5.74 million. The damage was found to have prolonged the aftereffects of the breach, taking at least 100 days to recover.
Meanwhile, AI is being used as a cybersecurity tool. The number of companies that have adopted AI and automation solutions has increased by nearly 10% year-on-year to 67%. 20% said they are using next-generation AI security tools.

The survey found that “companies that implemented security AI and automation detected and contained incidents on average 98 days faster.” They also reduced breach costs by an average of $2.2 million. The time it took to recover after a data breach hit 258 days, the lowest in seven years, down from 277 days the previous year.

IBM said, “AI technologies can help defenders gain more time by improving threat mitigation and response activities.”

The report said that as data security became weaker, intellectual property theft increased. Forty percent of breaches involved data stored in complex environments. This data visibility gap led to a sharp increase in intellectual property (IP) theft (27%). The cost associated with stolen records also skyrocketed by nearly 11% year-over-year to $173 per record.

Accordingly, IBM argued that “access to this and other proprietary data may increase even more as the AI era arrives. As critical data becomes more dynamic and active across multiple environments, enterprises will need to reevaluate the security and access regulations surrounding it.”

“Enterprises are stuck in a perpetual cycle of breach, blocking, and response. As they invest in bolstering their security response capabilities, they often pass the cost of the breach onto consumers, making security a new cost burden for business operations,” said Kevin Skapinetz, vice president of strategy and product design at IBM Security. “As generative AI rapidly infiltrates businesses and expands the attack surface, these increasing costs will force enterprises to reevaluate their security measures and response strategies. “To get ahead, companies must invest in new AI-based security and develop the technologies needed to address the new risks and changes presented by generative AI,” he said.

This report is based on an in-depth analysis of actual data breaches experienced by 604 companies worldwide from March 2023 to February 2024, and 28 domestic companies were included in the study. The study was conducted by the Ponemon Institute and sponsored and analyzed by IBM, and has been published for 19 consecutive years, establishing it as an industry benchmark.