This week on the HIPAA Vault Show Adam and Gil discuss the findings from IBM’s 2024 Cost of a Data Breach Report. Learn about the increase in the global average breach cost, now at $4.88 million, driven by business disruptions and post-breach responses. The episode highlights how companies are passing these costs to customers and examines the critical role of AI and automation in reducing breach response times. Healthcare remains the most expensive industry for breaches, even though cost of breaches decreased by 10.6%. Gil shares why healthcare is a prime target and offers key takeaways: understand your data landscape, invest in AI, and prioritize employee training. Tune in for essential insights and strategies to navigate the evolving data breach landscape.
For more information on HIPAA Vault, visit our website!
Do you have any remaining questions, requests, or just want to chat with us? Email us at podcast@hipaavault.com!
Transcript:
Adam
Hello, everyone, and welcome to another episode of the HIPAA Vault show. I’m your host, Adam, and as always, I’m joined by Gil Vidals, CTO and founder of HIPAA vault. Today we’re diving into IBM’s latest cost of a data breach report from 2024. Gil, this report has some eye opening findings. What jumped out to you?
Gil
Hey, thanks, Adam. Well, you’re right. There’s a lot to unpack here today. The headline number that caught my attention was the global average of the cost of a breach jumped by 10% to $4.88 million. That’s the biggest increase that’s been that we’ve seen since the pandemic.
Adam
Wow, that’s significant. Are any particular factors driving that increase?
Gil
Yeah, there’s a couple of factors. One is the rising costs from business disruption. So once an attack happens, the business comes to a halt. And then the other one is the regulatory fines. There’s more fines going on for the regulators.
Adam
I can see how those costs would add up quickly. The report mentions that many organizations are passing these costs onto customers. That seems like a risky move.
Gil
Yeah, it is.
Gil
But if you think about it, after there’s an attack and the business has had to recover, they’ve had to pay a lot of money in the disruption. So what’s happening is they are having to increase their costs. So 63% of organizations had to increase their prices on their products and services after breach. And in a competitive market already dealing with inflation, that could backfire and lead to more business loss.
Adam
Okay, shifting gears a bit, I noticed AI and automation were big themes in the report. What role are those technologies playing?
Gil
Okay, so AI is the big buzzword. As we all know these days. But it’s not just a headline, it’s making a difference. So, for organization using technologies extensively that include AI, they’re able to identify and contain a breach almost 100 days faster than the average compared to those that don’t use the latest tools that include AI. And that translates to about $2 million in cost savings, again, compared to organizations that aren’t using AI and automation.
Adam
Oh, wow. Those are some really compelling numbers. Are there any particular areas where AI is having the biggest impact?
Gil
The four areas that the report I read was talking about, number one, prevention. Number two, detection. Three, investigation and response. So AI in prevention workflows like the attack, surface management, and posture management showed the biggest cost savings at about 2 million on the average.
Adam
Very interesting. Now, I know healthcare is always a focus for our show. How did the healthcare industry fare in this report?
Gil
A little better, not dramatic.
Gil
So the healthcare costs went down by about 10% to about 9.8 million. However, that’s still more than double the overall average. Keeping healthcare is the most expensive industry for data breaches for 13 years in a row.
Adam
So why do you think healthcare remains such a prime target for hackers?
Gil
Well, one reason is healthcare industry in general lags behind in adopting these security tools. And the other reason is that healthcare is always dealing with sensitive and personal medical data that’s available. Well, not available, but valuable to the hackers. They really want to get their hands on it because they can use that as leverage for a ransom, or they can resell that data in the black market.
Adam
Yeah, those are great points. So, any final takeaways or recommendations from the report that our listeners should keep in mind?
Gil
Yeah, a lot of these are just common sense. Adam.
Gil
It’s important first that you know your data landscape, that is, know, where is your data located? Probably in different areas. So know where those private and public clouds are, where’s the data? And then invest in the AI and automation tools that are coming around that are helpful in thwarting the attackers. And then, of course, prioritize the training with your employees. Make sure the employees are trained and also an incident response planning, and make sure that you have that ready to go.
Adam
Excellent advice as always, Gil. That wraps up our discussion of the cost of data breach Report 2024 by IBM listeners. You can find a link to report in our show notes. Please do subscribe if you haven’t already, and give us a like on the video. And thanks for tuning into the HIPAA Vault show. We’ll catch you next time.