According to the IBM Data Breach Cost Report for 2024, the global average cost of a data breach has reached $4.88 million, a notable increase over last year’s $4.45 million and the largest jump since the pandemic.

For financial-sector organizations, costs are even higher. They now spend $6.08 million dealing with data breaches, 22% more than the global average.

Here’s the essential information financial institutions should be aware of from this year’s Data Breach Cost report.

A Brief Look at 2024: Laborious and Expensive

Financial organizations had the second highest breach cost across all sectors; only healthcare breaches were more costly. For both healthcare and finance, the expenses for extensive breaches were the same: When over 50 million records were compromised, the mean expenses soared to $375 million.

In finance, malicious attacks remained the leading cause of breaches, at 51%, while IT failures and human error each accounted for roughly a quarter of all breaches, at 25% and 24%, respectively.

Regarding detection speed, financial-sector organizations took on average 168 days to detect a breach and 51 days to contain it. Although these figures are lower than the global averages of 194 days for detection and 64 days for containment, they still represent a substantial amount of time.

Reflect on this: 168 days equates to just under six months. That’s half a year of intruders penetrating systems, conducting reconnaissance, and compromising accounts.

Observing Data Breach Trends Over Time

Simply put, expenses are on the rise.

In 2021, the average cost of a data breach for financial institutions was $5.72 million. By 2022, it had risen to $5.97 million, and it held roughly steady at $5.9 million in 2023. This year brought a 3% increase in the average breach cost, along with a $40-million rise in costs for breaches involving over 50 million records.

Nonetheless, there is some positive news. Detection times fell by nine days, and containment times improved by five days. Additionally, 2024 saw a substantial decline in human error. As noted earlier, 24% of breaches this year had inadvertent actions as their root cause. In 2023, this figure stood at 33%.

Areas of Security Investment in Financial Establishments — and Their Benefits

To lower the risk of data breaches, financial institutions are increasing investments in incident response (IR) and identity and access management (IAM). The cost reductions show why: Companies with IR teams and robust security testing save an average of $248,000 annually, whereas those with IAM solutions realize savings of up to $223,000 per year.

The biggest returns on financial IT investment, however, are tied to AI and automation. According to the study, organizations using AI and automation save an average of $1.9 million compared to those that do not use these technologies.

It’s essential to note, however, that only 24% of generative AI initiatives are secured. Consequently, financial institutions need to build security frameworks for these tools to prevent AI from becoming an additional threat vector.

The Role of Regulation in Financial Security

Both investment and smart security management are pivotal for financial institutions, considering the scrutiny they face from regulatory bodies and the number of compliance regulations they must navigate.

While firms are well-versed in anti-money laundering (AML) regulations under the Bank Secrecy Act (BSA) and the mandatory segregation of duties under the Sarbanes-Oxley Act, they may face obstacles with more local regulations such as CCPA, GDPR, and the LGPD. For instance, under GDPR, financial institutions could face fines of up to 2% of the previous year’s revenue, or 4% if penalized for a prior offense.

Put succinctly, the cost of a data breach for financial institutions extends beyond detection, eradication, and remediation. Delays in identifying and eradicating threats can result in additional regulatory costs that may exceed the initial outlay.

As revealed in the 2024 Data Breach Cost report, robust investments in IR, IAM, and AI can help companies fortify defenses and curtail expenses.