Companies spent even more money on Data breaches last year than before, but some victims were able to make significant savings by acting responsibly.

Financial firms spent an average of $6.08 million on incident response, compared to $5.9 million last year, according to IBM’s Cost of a data breach report published this week. The detailed publication analyzed research from the Ponemon Institute on 604 affected companies from across the economy between March 2023 and last February.

The analysis provides information about the costs affected mortgage banks could pay up after attacks that recently affected millions of borrowers. Most lenders remain silent about the hacks they have suffered, let alone how much they have cost, although some publicly traded companies have disclosed major attacks.

Loandepot in a recent disclosure announced spending of $68.5 million in the first half of this year in connection with its massive hack in JanuaryThis amount is to be paid minus at least $15 million in cyber insurance reimbursements, it said, and also includes a large payment for class action lawsuits.

IBM found that “mega data leaks,” which affected between one and ten million records, cost an average of $42 million, while hacker attacks affecting between ten and 20 million records cost companies an average of $173 million.

The cost of data breaches is high. The average cost of a cyberattack on a U.S. company last year was $9.36 million, while the cost for all affected companies worldwide averaged $4.88 million—an annual increase of 10 percent.

63% of affected companies surveyed said they pass the costs of data breaches on to consumers. Last year, 57% of respondents did so.

“Customers’ ability to absorb these costs can be problematic in a competitive market already under price pressure from inflation,” the IBM report said.

Mitigating factors
Across all hacking attacks, the price of sensitive data has increased, with employee and consumer personal identification data costing $189 and $179 per record, respectively, last year. The average total cost increased due to higher business losses, such as downtime and lost customers, as well as more expensive post-attack measures, such as more staff and fines, IBM said.

Affected companies that use artificial intelligence in security functions spent an average of $2.2 million less than their competitors who did not use such technologiesAccording to IBM, AI has made it easier for criminals to plan and carry out attacks on a large scale, but it has also equipped security personnel with new tools to identify and respond to threats.

Companies that did not report “severe security staffing shortages” meanwhile saved an average of $1.76 million in breach response, with that security skills gap growing by double digits from 2022 to 2023, IBM said.

Companies that contacted law enforcement about hacks saved an average of $1 million compared to organizations that did not. Just over half of the companies affected by ransomware attacks told IBM that they notified law enforcement, and 63% of those companies ended up paying the cybercriminals no money.

The report cites employee training and insights from AI and machine learning as the top factors that reduce the average cost of data breaches. A complicated security system is the biggest cost factor, the report says, followed by security staff shortages and third-party incidents.

Remaining expenses
Only 12 percent of companies reported fully recovering from cyberattacks, a process that typically takes more than 100 days, according to IBM. Full recovery is defined as returning business operations in affected areas to normal, meeting compliance requirements, implementing new controls and restoring customer and employee trust.

Loandepot has not yet formally settled a pending complaint over a data breach, but said in its recent earnings releases that the hack, which affected nearly 17 million borrowers, will not have a material impact on its full-year financial results.

Mr. Cooper, which was the victim of an attack last October that leaked the social security numbers of 14.7 million customers, has at least $27 million in connection with the incidentwas the motto this year. It is still a consolidated class action lawsuit by affected customers in a federal court in Texas.

While some companies Fight lengthy legal disputesothers have quietly put such cases behind them.

A federal judge in June granted preliminary approval for a $6 million settlement between consumers and Overby-Seawell, a supplier to KeyBank and Fulton Bank. hacked in 2022Planet Home Lending also received preliminary approval in May for a $2.42 million consumer settlement for a data breach that End of last year.