Aug 15 2023

On Average A Security Breach Costs $4.45 Million But Who Pays For It?

Businesses that suffer security breaches must decide whether to accept the loss or pass incident costs onto consumers and many, are caught in the middle.

Who should pay the tab when a cybercriminal succeeds in breaching a company’s network? Many would say that the company should eat the loss, file a claim with its insurance carrier and double down on its efforts to stop the next attack.

New research from IBM, however, suggests that a growing number of businesses don’t see it that way.

According to the 2023 Cost of a Data Breach Report by IBM, businesses are divided on how to handle the increasing cost and frequency of breaches.

“Breached organizations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%),” IBM noted in a news release.


The percentage increase of security breaches in the last three years

Source: “Cost of a Data Breach Report,” 2023, IBM

The average breach now costs $4.45 million, according to IBM, a 15 percent increase over the last three years. Those costs include any ransom paid to an attacker, plus injury to customer trust, stock price declines, intellectual property loss and more.

Only half of breached companies responded by increasing their cybersecurity efforts. Those that do not stand to pay more: Businesses that learn about breaches from attackers rather than by detecting them pay an additional $1 million in average costs, according to IBM.

LEARN MORE: Find out why network security is a first priority as organizations secure IoT environment

“Investments in threat detection and response approaches that accelerate defenders’ speed and efficiency — such as AI and automation — are crucial to shifting this balance,” Chris McCurdy, IBM’s general manager of worldwide security services, said in the release.

Learn more about managed detection and response at

fongleon356/Getty Images

Be Ransomware Ready

Is your organization prepared for a cyberattack? Learn how to step up your ransomware protection.