Survey suggests automated defences could save companies millions in data damages
UK organisations shell out an average of £3.4 million for data breach incidents, according to IBM Security’s Cost of a Data Breach Report 2023.
The use of AI and automation has the biggest impact on UK businesses’ speed of breach identification and containment, reducing the average breach lifecycle by 108 days compared to organisations that haven’t deployed these technologies.
Firms that deployed security AI and automation extensively – meaning throughout security operations, and within several different toolsets and capabilities – paid an average of £1.6 million less in data breach costs than companies that didn’t leverage these technologies, the report found.
Yet, only 28 percent of UK organisations are currently deploying security AI and automation extensively, with a further 37 percent not yet adopting these technologies.
AI adopters see early security gains
While the report shows a decrease in the total average cost of a data breach in the UK from £3.8 million in 2022 to £3.4 million today, this is still a nine percent increase since 2020.
Martin Borrett, technical director, IBM Security UK & Ireland, says: “Security AI and automation may be the driving force needed to help defenders bridge the speed gap with attackers. The slight decline from last year in the overall cost of a data breach in the UK suggests the powerful impact security AI and automation may already be having on early adopters.”
Steve Bradford, SailPoint’s senior vice president for EMEA, comments: “Organisations must ensure they integrate cyber resilience at the core of their business models. AI-enabled identity security, for example, is key in allowing organisations to see, manage, control, and secure all variations of identity, knowing who has access to what, and why across their entire network.”
He adds: “This means organisations can improve the detection of suspicious behaviour and trigger quicker and more impactful responses. Defences like this are crucial to reducing the risk of breaches.”
Banks, services and tech under attack
The report found that UK industries with the highest average cost of data breaches were financial services (£5.3 million), services (£5.2 million) and technology (£4.9 million).
Stolen or compromised credentials were the most common entry point for attackers at 13 percent. Malicious insiders were the most expensive initial attack vector (£3.9 million), followed by business email compromise (£3.86 million) and phishing (£3.85 million).
Globally, the IBM report found the average cost of a data breach reached an all-time high of $4.5 million this year.
Ransomware victims in the study that involved law enforcement saved $470,000 in average costs of a breach compared to those that chose not to involve law enforcement. Despite these potential savings, 37 percent of ransomware victims studied did not involve law enforcement in a ransomware attack.
What’s more, just one third of studied breaches were detected by an organisation’s own security team, compared to 27 percent that were disclosed by an attacker.
In a concerning development, critical infrastructure organisations experienced a 4.5 percent jump in the average cost of a breach compared to last year, increasing from $4.8 million to $5 million, which is $590,000 higher than the global average.