The average direct cost of a serious cybersecurity incident increased 11% year-over-year to $1.7 million in 2023, according to consultancy S-RM.
The company surveyed 600 senior executives and IT budget managers from US and UK organizations with revenues exceeding $500 million to produce its Cybersecurity Insights Report 2023.
The most common incident types were fraud, third-party compromise, and data exfiltration, although these varied by industry. The larger the organization, the greater the risk of data exfiltration and ransomware, according to the study.
The top contributors to incident costs were increased insurance premiums (37%), operational downtime (36%), and recovery/response costs (32%).
Learn more about data breach costs: Data breach costs hit record high but fall for some
The average of $1.7 million also increased significantly to $2.7 million per incident for organizations without cyber insurance, S-RM claimed.
“For many organizations, cyber insurance is more than just a ‘nice to have’, and our latest data shows exactly why it’s so critical to be properly insured against cyber incidents and data breaches.” , said the head of S-RM. cybersecurity in the Americas, Paul Caron.
“Premiums may be increasing, but without adequate insurance, regulatory, reputational and downtime risks are much higher – businesses need to take note. »
Worryingly, the top two cybersecurity challenges cited by respondents were hybrid working and “lack of understanding of cybersecurity trends and threats” (both 38%). Third is “lack of internal training” on how to detect threats.
While incident costs are on the rise, cybersecurity budgets have only increased 3% to an average of $26.8 million in 2023, according to The report.
Next year, they are expected to increase by a healthier 8%, although in previous years the actual increase has been significantly lower than expected. Retail (28%), telecommunications (27%), and pharmaceutical (27%) companies devoted the largest share of their IT budget to cyber in 2023.