GovernStack
Cybersecurity · 20 May 2026 · 7 min read

The Real Cost of a Data Breach: What the IBM 2024 Report Tells UK Businesses

The IBM Cost of a Data Breach Report 2024 puts the global average at $4.88 million. But what does a breach actually cost a UK organisation — and what factors drive the final bill up or down?

The IBM Cost of a Data Breach Report is published annually, with research by the Ponemon Institute, and is one of the most widely cited benchmarking studies in cybersecurity. The 2024 edition, based on breaches at 604 organisations across 17 industries and 16 countries, puts the global average cost of a data breach at $4.88 million, the highest figure in the report's 19-year history. For UK organisations, understanding what drives that number, and what genuinely reduces it, is essential for building a credible business case for cybersecurity investment.

What does "cost of a data breach" actually mean?

IBM breaks the total cost into four categories, each covering a different phase of the breach lifecycle:

Category               | What it includes                                                                                           | Share of total cost
Detection & escalation | Forensic investigation, assessment teams, audit services, crisis management                                 | ~29%
Notification           | Legal fees, regulatory notification, outbound communications, credit monitoring for affected individuals   | ~17%
Post-breach response   | Help desks, legal defence, regulatory response, remediation                                                 | ~28%
Lost business          | Customer churn, reputational damage, business downtime, new customer acquisition costs                     | ~26%

The lost business category is often the most surprising to organisations that focus primarily on technical remediation. Reputational damage and customer attrition can persist for years after the initial incident and represent a cost that is difficult to quantify or insure against.

Industry differences are substantial

The average conceals enormous variation by industry. Healthcare organisations consistently record the highest breach costs: an average of $9.77 million in 2024, twice the global average. This reflects the sensitivity of health data, the strict regulatory environment (HIPAA in the US, UK GDPR and CQC requirements in the UK), and the reputational stakes involved.

The industries with the highest average breach costs in 2024, in descending order, were:

  • Healthcare: $9.77 million
  • Pharmaceuticals: $6.09 million
  • Financial services: $6.08 million
  • Energy: $5.29 million
  • Industrial: $4.73 million

Retail, education, and hospitality typically record lower average costs, though still significant ones, partly because less of the data they hold falls into the most sensitive categories and partly because the regulatory consequences are less severe.

The detection speed effect

One of the most consistent findings across the report's history is the relationship between detection speed and total cost. In 2024, the average breach lifecycle (time to identify plus time to contain) was 258 days: 194 days to identify and 64 days to contain.

Critically, breaches with a lifecycle under 200 days cost on average $1.12 million less than those that took longer. Shortening the identify-and-contain cycle is consistently one of the most effective cost levers in the report, second in 2024 only to extensive use of security AI and automation (see below).

This has a direct implication for security investment prioritisation: detection and response capabilities (SIEM, endpoint detection and response, anomaly monitoring) have a measurable financial return, and the IBM data provides an evidence base for funding them. It also means an organisation should be measuring its own time to identify and time to contain, so that it can compare itself against the 258-day benchmark rather than guess.
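To make the detection-speed figures above actionable, an organisation needs to compute the same metrics from its own incident register. The script below is an added example, not code from GovernStack or from the IBM report: it reads a constructed, hypothetical incident register (the three incidents, their dates and the `as_of` reporting date are all invented for illustration), computes mean time to identify and mean time to contain, and flags every incident whose lifecycle exceeds the 200-day threshold the report uses in its cost comparison. Incidents that are still open have no containment date, so they are excluded from the containment average but are still flagged once their dwell time to the reporting date passes the threshold; otherwise an incomplete register would look better than it is.

```python
"""Breach lifecycle metrics from an incident register (constructed example).

Computes the time-to-identify / time-to-contain figures that the IBM report
benchmarks and flags incidents whose lifecycle exceeds the 200-day threshold
used in the report's cost comparison.
"""
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional

# Threshold IBM uses when comparing breach costs (lifecycle under vs over 200 days).
LIFECYCLE_THRESHOLD_DAYS = 200

# Constructed incident register: hypothetical data, not real breaches.
# Fields: incident id, first compromise, identified, contained (blank = still open).
SAMPLE_REGISTER = """\
INC-001,2023-01-10,2023-07-23,2023-09-25
INC-002,2024-03-01,2024-03-15,2024-03-20
INC-003,2024-02-01,2024-11-01,
"""


@dataclass(frozen=True)
class Incident:
    ident: str
    first_compromise: date      # earliest attacker activity, established by forensics
    identified: date            # date the organisation detected the breach
    contained: Optional[date]   # None while the incident is still open

    def time_to_identify(self) -> int:
        """Days the attacker was active before detection."""
        return (self.identified - self.first_compromise).days

    def time_to_contain(self) -> Optional[int]:
        """Days from detection to containment, or None if not yet contained."""
        if self.contained is None:
            return None
        return (self.contained - self.identified).days

    def lifecycle(self, as_of: date) -> int:
        """Total breach lifecycle in days; open incidents are measured up to as_of."""
        end = self.contained if self.contained is not None else as_of
        return (end - self.first_compromise).days


def parse_register(text: str) -> list[Incident]:
    """Parse CSV-style register lines into Incident objects, rejecting inconsistent dates."""
    incidents = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ident, compromised, identified, contained = (f.strip() for f in line.split(","))
        inc = Incident(
            ident,
            date.fromisoformat(compromised),
            date.fromisoformat(identified),
            date.fromisoformat(contained) if contained else None,
        )
        # A breach cannot be detected before it started, or contained before detection.
        if inc.identified < inc.first_compromise:
            raise ValueError(f"{ident}: identified before first compromise")
        if inc.contained is not None and inc.contained < inc.identified:
            raise ValueError(f"{ident}: contained before identified")
        incidents.append(inc)
    return incidents


def lifecycle_metrics(incidents: list[Incident], as_of: date) -> dict:
    """Mean time to identify/contain and the incidents past the 200-day threshold.

    MTTI covers every incident. MTTC and mean lifecycle cover contained incidents
    only, because an open incident has no containment date yet. Open incidents are
    still flagged when their dwell time up to as_of already exceeds the threshold.
    """
    closed = [i for i in incidents if i.contained is not None]
    over = [i.ident for i in incidents if i.lifecycle(as_of) > LIFECYCLE_THRESHOLD_DAYS]
    return {
        "mtti_days": mean(i.time_to_identify() for i in incidents),
        "mttc_days": mean(i.time_to_contain() for i in closed) if closed else None,
        "mean_lifecycle_days": mean(i.lifecycle(as_of) for i in closed) if closed else None,
        "open_incidents": len(incidents) - len(closed),
        "over_threshold": over,
    }


if __name__ == "__main__":
    register = parse_register(SAMPLE_REGISTER)
    metrics = lifecycle_metrics(register, as_of=date(2024, 12, 1))
    for key, value in metrics.items():
        print(f"{key}: {value}")
```

On the constructed register, INC-001 reproduces the report's 2024 averages (194 days to identify, 64 to contain, a 258-day lifecycle) and is flagged; INC-002 is a 19-day incident and is not; INC-003 is still open but has already been in progress for 304 days at the reporting date, so it is flagged even though it contributes nothing to the containment average. The date-consistency checks matter in practice: a register with a containment date earlier than the detection date will otherwise quietly produce negative containment times and an optimistic average.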

What reduces breach costs most

The 2024 report identifies several factors that correlate with significantly lower breach costs:

Security AI and automation — $2.22 million saving

The 2024 report puts the average breach cost at $5.72 million for organisations with no use of security AI and automation, and $2.22 million lower for those making extensive use of it in prevention workflows. This is the largest cost-reducing factor in the 2024 report. Automated detection and triage identify breaches faster and with fewer missed alerts than manual processes.

Employee training — meaningful impact

Phishing and compromised credentials remain the most common initial attack vectors. Organisations with regular security awareness training consistently show lower costs because social engineering attacks are identified and reported faster.

Incident response planning and testing

Having a tested incident response plan is associated with significantly lower costs. The key word is "tested" — organisations that run tabletop exercises and simulate breach scenarios are materially better prepared when real incidents occur.

Cyber insurance

Cyber insurance does not prevent a breach, but it significantly affects the out-of-pocket cost. IBM's data shows insured organisations experience lower net costs, particularly in the notification, legal response, and business interruption categories. Policy terms vary enormously: deductibles, coverage limits, and exclusions (for example for ransom payments, or for incidents attributed to state actors) should be reviewed carefully before a policy is relied on in the business case.

What increases breach costs

The factors associated with higher breach costs in 2024 include:

  • Ransomware involvement — ransomware attacks add significant remediation and recovery costs on top of data exposure costs
  • Supply chain compromise — breaches originating in third-party vendors are harder to detect and contain
  • Skills shortage — organisations citing a security skills gap had average breach costs $1.76 million higher
  • Non-compliance with regulations — organisations in heavily regulated industries with compliance failures face regulatory fines on top of operational breach costs

UK-specific context

While IBM's figures are reported in US dollars, the cost drivers translate directly to UK organisations. The regulatory dimension is, if anything, more prominent in the UK: ICO enforcement under UK GDPR adds a layer of fine risk on top of the operational costs IBM captures. The 2023 Capita breach, estimated to have cost the organisation over £25 million in direct costs, is a UK example that illustrates how quickly multiple cost categories compound.

For UK compliance officers and CISOs, the IBM data provides a credible, widely cited basis for quantifying cyber risk in financial terms, which is increasingly required for board-level reporting and insurance underwriting.

Use the GovernStack Data Breach Cost Calculator — built on IBM 2024 benchmarks — to estimate the financial impact of a breach on your organisation based on industry, scale, detection speed, and insurance position. Also see the GDPR Fine Estimator for the regulatory risk layer.