A Different Look at 2023 Data Breaches: Through the Lens of Financial Cost

The 2023 Report on the Cost of a Data Breach, compiled annually by IBM and the Ponemon Institute, reveals organizations’ responses to cybercrime

The cost of a data breach has been climbing since 2017, and in 2023 reached a record $4.45 million (USD), according to the latest Cost of a Data Breach Report. The average cost dipped slightly at the start of the pandemic in 2020, but since then has climbed steadily with the cost of a data breach exceeding $4 million each year.

[Figure: Data breach costs have climbed since 2017 to reach a record high in 2023.]

The annual report is based on research conducted by the Ponemon Institute and sponsored and analyzed by IBM. 2023 marks the 18th year of the widely read report, which has been expanded over time as cybercrime and organizations’ responses to data breaches have evolved.

The latest report offers some surprising revelations, a few of which are shared below along with charts published in the report.

Healthcare Industry Continues to Experience Highest Cost

[Figure: Data breach costs were highest in the healthcare industry.]

For the 13th consecutive year, the healthcare industry recorded the highest cost of a data breach, reaching almost $11 million (USD) in 2023. In the same vein, healthcare data breaches reported to the HHS Office for Civil Rights in 2023 totaled 548 and potentially affected almost 122 million individuals by compromising their protected health information. These numbers set a record for healthcare in terms of both the volume of data breaches and the average cost per breach.

According to the IBM Report, over the past three years—since the start of the pandemic—the average cost of a data breach in healthcare has increased 53.3%. It’s a staggering figure compared to the 15% increase for the same three years across all industries. Possible contributing factors include heavy regulation and designation as critical infrastructure by the U.S. government.

While the financial industry occupied second place in terms of cost per breach, the cost of a financial data breach was roughly half the cost of a healthcare breach.

United States Retains Record for Highest Data Breach Cost Globally

[Figure: Data breach costs continue to be highest in the U.S., followed closely by the Middle East.]

In both 2022 and 2023, the U.S. ranked number one among the top ten countries in terms of data breach costs, reaching $9.48 million last year in a slight increase from 2022. The Middle East ranked second at $8.07 million in 2023. Canada followed at a distant third, with $5.13 million in average data breach cost, a slight decrease from the prior year.

Germany, Japan, the United Kingdom, France, and Italy all averaged between $4 and $5 million per breach.

A possible explanation for the extremely high costs in the U.S. and Middle East may relate to the comparatively high number and value of assets that are attractive to cybercriminals, hackers, and ransomware gangs.

Primary Sources of 2023 Data Breaches

Data breaches originate from a variety of sources, which tend to change slowly over time. Phishing was responsible for 16% of data breaches, followed closely by stolen or compromised credentials at 15%. Often, the goal of phishing schemes is to manipulate employees into disclosing login credentials, so it makes sense that the two would track closely.

Slightly more than 10% of data breaches were attributed to misconfigured cloud applications, followed by business email compromise scams at 9%.

For the first time, the 2023 IBM Report assessed the role of zero-day (unknown) vulnerabilities in data breaches as well as known but unpatched vulnerabilities. Although a relatively small number, it is still concerning that more than 5% of data breaches originated from known vulnerabilities that had not been patched. The failure to promptly patch software when updates are made available consistently contributes to cyberattacks. Not surprisingly, patching is widely considered a cybersecurity best practice and is a requirement in most cybersecurity frameworks and security regulations.

In terms of data breach cost, the most expensive data breaches originated from the malicious acts of insiders. These incidents averaged a cost of $4.9 million per breach—which is 9.6% higher than the global average cost ($4.45 million per breach). On the plus side, malicious insider attacks comprise just 6% of total data breaches. The second most expensive data breach source was phishing, at $4.76 million per data breach. Phishing continues to plague organizations year after year, in part due to poor or absent cybersecurity training for employees and management.

Additional Revelations about Data Breach Costs

The 2023 Cost of a Data Breach Report presents 78 pages of extensive research, correlated data, and insights. Below are several additional revelations from the report that may be of interest to Chief Information Security Officers, Chief Information Officers, and others responsible for cybersecurity at their organizations.

  • Organizations that experienced ransomware attacks and who chose to engage law enforcement saved $470,000 in their average data breach costs compared to those that did not involve law enforcement. Despite ongoing authoritative recommendations, 37% of organizations elected not to engage law enforcement. In addition, nearly half of ransomware victims (47%) reportedly paid the ransom to retrieve their data.
  • Organizations that experienced a data breach were more likely to pass along their data breach costs to consumers (57%) than to increase their investments in security (51%).
  • Organizations that extensively employed artificial intelligence and automation were able to reduce their data breach lifecycle to 214 days, as compared to organizations that did not employ these technologies (322 days). Their data breach costs were also nearly $1.8 million
  • In terms of detecting a data breach, one-third were detected by an organization's security team, compared to 27% that were disclosed by the cybercriminal. Breaches disclosed by the attacker cost nearly $1 million more on average compared to organizations who discovered the breach themselves.

[Figure: Data breach costs can be reduced using automation and AI tools.]


The annual Cost of a Data Breach Report presents a wealth of useful information regarding the costs of data breaches around the world. It examines data breach costs through a variety of lenses, including breaches by country, industry, source or cause, and many others.

Organizations who make a point to study this information, and to understand the vulnerabilities that contribute to data breaches, have an advantage over those who do not. Well-informed organizations are better able to harden their cybersecurity defenses to avoid the high costs and other pitfalls of a data breach.

Sanjay Deo

Sanjay Deo is the President and Founder of 24by7Security Inc. Sanjay holds a Master's degree in Computer Science from Texas A&M University, and is a Certified Information Systems Security Professional (CISSP), Healthcare Information Security and Privacy Practitioner (HCISPP), Certified Information Systems Auditor (CISA) and PCI Qualified Security Assessor (QSA). Sanjay is also a co-chair on the CISO council and Technology Sector Chief at FBI InfraGard South Florida Chapter. In 2022 Sanjay was honored with a Lifetime Achievement Award from the President of the United States. Subscribe to the 24by7Security blog to learn more from Sanjay.
