As Yogi Berra said, “It’s déjà vu all over again.” If the idea that the global average cost of data breaches is increasing year after year feels like the same thing is happening over and over again, that’s because it is. Data protection solutions are getting better, but so are threat actors. The other old story is the underuse or misuse of technologies that can help protect data, like artificial intelligence and automation.

IBM’s Cost of a Data Breach (CODB) Report 2024 surveyed 604 organizations across 17 industries in 16 countries and regions, examining breaches in which between 2,100 and 113,000 records were compromised. A key finding was that using modern technologies reduced the cost of breaches by an average of $2.2 million. And for CISOs and security teams looking to invest, talking about dollars and cents—not bits and bytes—is important, which resonates with their audience.

Where are savings achieved?

Cyber ​​resilience is more than just disaster recovery; it’s a critical component. A resilient program combines both proactive and reactive workflows, including the technology used. And when the individual parts work well together with the right support, the result is a total outcome that is more than its parts.

In fact, the 2024 CODB report found that organizations realized savings when AI and automation were used extensively in preventive or proactive workflows (e.g., attack surface management, red teaming, posture management, etc.). There is an interesting connection here, as a “prevention over reaction” approach could actually be driven by greater AI threats and usage.

In addition, the COBD report found that – once again! – the skills shortage is affecting the industry. When employees feel overwhelmed, especially when responding to incidents, artificial intelligence can be the supporting tool to retain employees. Security and leadership personnel should be aware that not investing in tools and solutions can lead to the loss of highly skilled employees with institutional knowledge. What is the unintended consequence of this? Additional costs to fill the positions.

Read the full report

Plan as a unit, implement as a unit

Organizations that still approach cybersecurity in separate silos or with limited visibility are increasing the risk profile of the entire organization, not just the enterprise security function. We live in an era where technology is critical to service delivery. It’s no longer about delivery efficiency and competitiveness. So keep these points in mind when planning as one:

1. Eliminate blind spots in the data. Many of us call this data the “crown jewels” of the company, but with all the data being produced today and the difficulties surrounding data lifecycle management, what really lies behind it is important to consider a solution to manage your data security posture and be aware of shadow data.
2. Safety comes first. This is easier said than done, but integrating security into workflows and solutions – even if it is a little more difficult to implement – ​​means removing unnecessary and often fragile complexities that are complicated and expensive to fix after an incident.
3. Culture, culture, culture. Change is hard to implement, especially new technologies like generative AI. Get people to buy into the security mindset, but not at the expense of doing business. Remember that they are not only important users, but also the key to successful implementations and improvements.

It is used, so use it wisely

The CODB report also identified two out of three organizations exploring the use of AI and automation in their security operations centers. With this level of adoption, ubiquitous adoption is likely on the horizon.

The key, therefore, is to use the technology intelligently, in a way that takes into account the company’s risk profile and makes economic sense. The business case becomes easier when the average cost of a data breach is reported to be $4.88 million, and results so far last year show that the investment can be worthwhile.

Read more