Skip to main content
Data & Analytics

IBM: AI makes ‘real-world impact’ on breach costs

The company’s annual report sees automation easing recovery efforts.
article cover

Francesco Carta Fotografo/Getty Images

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

It may be hard to find the good news in a security report placing the average data breach cost at almost $5 million, but IBM researchers did see at least one reason for optimism: Companies are more frequently detecting their breaches.

In a study of more than 600 organizations in 16 countries that suffered a data breach between March 2023 and February 2024, the IBM team found that security pros and their tools discovered their compromises at a greater rate than previous years. And self-discovery has its savings: When an attacker disclosed a breach, the median cost reached $5.53 million, compared to $4.55 million when an in-house security team made the discovery.

“The faster you can identify and the faster you contain, the less harm that’s done to you, your company, and your customers, potentially,” Diana Kelley, CISO at cybersecurity company Protect AI (and former global executive security advisor at IBM), said on an August 13 presentation from IBM.

Got ID? Forty-two percent of IBM’s studied organizations spotted the compromise themselves—an increase from 33% last year. Also, the resident defenders had slightly quicker reflexes, taking, on average, 194 days to spot a breach, compared to 2023’s ID time of 204 days. The mean time for security teams to identify and contain a breach fell to 258 days—a seven-year low, according to the report.

What took ya so long? Factors like a skills shortage, overwhelmed security teams, and the compromise of legitimate credentials have kept IT pros from quickly finding compromises, Sam Hector, global strategy leader of IBM security, said on the August call.

AI add-on:

  • Organizations claiming “extensive” use of AI and automation in security grew to 31%—up from 28% last year.
  • These “extensive” AI users, who add automation to their security operations center and continuously monitor prevention tools like attack surface management (ASM) and data security posture management had an “average mean time to identify” of 158 days. Those with “no use” of AI and automation had an average ID time of 228 days.
  • Organizations not using AI and automation had average costs of $5.72 million, compared to $3.84 million of the “extensive” group.

Why does faster ID time lead to cost savings? When an attacker does the disclosing, they’ll likely have already achieved their objective and done plenty of damage, leading to higher breach costs, IBM’s report said.

Automated technologies that analyze network behavior for anomalies can spot, say, a server compromise; or tools that recognize unlikely access instances can determine a stolen credential, Hector told IT Brew during a separate interview in July.

“AI deployment in cybersecurity is not just a buzzword; it’s making a real world-impact, and it’s making probably the biggest impact of anything we saw this year,” Hector told IT Brew.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.