Costs of Data Leaks Reach New Record High

According to the IBM study “Cost of a Data Breach“, the impact of data leaks on business operations is becoming ever greater. Compared to the previous year, the costs per data breach increased by 14 percent. Globally, the average cost per data breach increased by ten percent in 2024, and by 14 percent in Germany. German companies needed an average of 185 days to identify and contain these incidents. This is still the shortest period of time compared to other countries and regions surveyed, which is 258 days.

Further findings of the report for German

AI-supported security solutions pay off
In Germany, 58% of the companies surveyed use AI-based security and automation solutions, a jump of 9% compared to the previous year. When these technologies were used on a large scale, German companies reduced the total duration of incidents by 89 days. In addition, they incurred an average of €2.73 million less in damage costs compared to companies that did not use AI-based security and automation solutions.

Critical infrastructures most affected
Companies from the industrial sector in Germany recorded the highest costs as a result of data leaks (9.34 million euros), followed by financial service providers (6.19 million euros) and technology companies (5.65 million euros).

Stolen credentials are the number one initial attack vector
The most common initial gateway for attackers in 2024 was stolen or compromised login data. They accounted for 20 percent of incidents in Germany and caused average total costs of 5.11 million euros per case. Phishing took second place with 17% of cases (5.52 million euros), followed by misconfigurations in the cloud with 15% (3.95 million euros). Malicious insiders caused the most damage at 5.75 million euros, but were only the starting point for the attack in 6% of the cases investigated.

Gaps in data transparency
Almost half (47%) of the incidents in Germany involved data that was stored in different environments, for example in the public cloud, the private cloud and the company’s own data center. These incidents cost companies more than EUR 5.27 million on average. It also took the longest time to identify and contain these incidents (215 days in total).

Christine Barbara Müller, Head of Security Services DACH at IBM Germany. “In this challenging environment, where AI-powered attacks are becoming more common, preparation is becoming increasingly important. AI-based security and automation solutions provide IT teams with powerful tools to improve protection and further reduce detection, containment and recovery times. Companies should take advantage of this opportunity to stay one step ahead of cybercriminals.”

Global trends

Understaffed security teams
More companies worldwide faced severe staff shortages compared to the previous year (26% increase). They also experienced an average cost per incident of 1.76 million US dollars higher than those with little or no staffing issues.

Involvement of law enforcement agencies reduces ransoms
By involving law enforcement agencies, ransomware victims were able to save an average of almost 1 million US dollars in costs per data leak worldwide, compared to affected companies that did not do so. These calculations only included the general costs, not any ransoms paid. Most ransomware victims (63 percent) who involved law enforcement were also able to avoid paying the ransom.

Damage costs are passed on to consumers
63% of the companies and organizations surveyed stated that they would increase the cost of their goods or services this year as a result of the incidents. This is a slight increase on last year (57%). It is also the third year in a row in which the majority said they would do so.

The “Cost of a Data Breach Report” is based on an in-depth analysis of real-life loss events that affected 604 companies worldwide between March 2023 and February 2024. The report is produced by the Ponemon Institute.