Around the world, healthcare still pays more than any other sector for data breaches

No industry has taken cybercrime on the chin more than healthcare over the past 13 years. That trend continues in 2024, as global data breaches cost healthcare $9.77 million between March 2023 and February 2024.

Even though the figure represents a 10.6% drop from the parallel period in 2023, it still places healthcare far ahead of the second costliest industry for breaches. That would be financial services, which absorbed $6.08 million in breach costs.

The findings are from IBM, which this week released its 2024 report on the subject.

Commenting on healthcare’s unchallenged status as the hardest-hit industry in the world, the report’s authors note that healthcare “remains a target for attackers since the industry often suffers from existing [legacy] technologies and is highly vulnerable to disruption, which can put patient safety at stake.”

IBM commissioned the Ponemon Institute to gather the data, which came from more than 600 organizations hit by breaches during the 12-month study period.

The organizations represented 17 industries in 16 countries and regions. The scale of the breaches ranged from 2,100 to 113,000 compromised records.

Along with the quantified data, the analyzed materials included interviews with more than 3,500 security and C-suite business leaders who had firsthand knowledge of relevant incidents at their organizations, IBM says.

IBM notes two major developments in the findings:

1. The global average cost of a data breach increased 10% over the previous year, reaching $4.88 million, the biggest jump since the pandemic.

Business disruption and post-breach customer support and remediation drove this cost spike, the report states. “When asked how they’re dealing with these costs, more than half of organizations said they are passing them on to customers,” the authors write. “Having customers absorb these costs can be problematic in a competitive market already facing pricing pressures from inflation.”

2. On the defender side of the equation, researchers found applying security AI and automation is paying off, lowering breach costs in some instances by an average of $2.2 million.

AI and automation solutions are reducing the lifespan needed to identify and contain a breach and its resulting damage, IBM reports. “Put another way,” the authors add, “defenders without AI and automation to assist them can expect to take longer to detect and contain a breach, and see costs rise compared to those who use these solutions.”

The authors observe that, across all industries, cybersecurity teams are consistently understaffed.

“This year’s study found more than half of breached organizations faced severe security staffing shortages, a skills gap that increased by double digits from the previous year,” they report. “This lack of trained security staff is growing as the threat landscape widens.”

More:

‘The continuing race to adopt generative AI across nearly every function in the organization is expected to bring with it unprecedented risks and put even more pressure on these cybersecurity teams.’

The full report is available in exchange for contact info here.

 

Dave Pearson

Dave P. has worked in journalism, marketing and public relations for more than 30 years, frequently concentrating on hospitals, healthcare technology and Catholic communications. He has also specialized in fundraising communications, ghostwriting for CEOs of local, national and global charities, nonprofits and foundations.

Around the web

When regulating AI-equipped medical devices, the FDA might take a page from the Department of Transportation’s playbook for overseeing AI-equipped vehicles. These run the gamut from assisting human drivers to fully taking the wheel. 

Kit Crancer, RBMA board member, speaks with Radiology Business about key legislative developments on the Hill that will affect the specialty. 

California-based Acutus Medical has said its ongoing agreement to manufacture and distribute left-heart access devices for Medtronic is the company's only source of revenue.