As data breaches continue to grow in severity and frequency, so too do their costs. The global average cost of a data breach in 2024 has increased by 10% in just one year, reaching $4.88 million.
What are the common reasons for data breaches in 2024? How long do breaches take to report and fix? When even the Pentagon struggles to contain data, what can an SMB do? Techopedia explores the topic through numbers.
Key Takeaways
- The global average cost of a data breach in 2024 has surged to $4.88 million, a 10% increase from the previous year.
- Malicious or criminal attacks are the leading cause of data breaches in 2024, accounting for 55% of incidents.
- Nearly half of all data breaches in 2024 involved customer personally identifiable information (PII), with intellectual property records close behind.
- Despite GDPR, there are gaps in privacy laws — especially in the U.S. — which leave organizations vulnerable to data breaches.
- New technologies like AI and the rise of shadow data are creating cybersecurity challenges that current laws struggle to address.
The Cost of a Data Breach in 2024
As IBM’s Cost of a Data Breach Report 2024 calculates it, $4.88m is the average cost of a data breach — a huge sum for even a large company.
And even with data protection legislation in place, like the European Union’s (EU’s) GDPR, these breaches continue, jeopardizing our personal information. This raises the question: are our current privacy laws strong enough to protect us from data breaches?
Cybercriminals are becoming more adept at breaching systems to obtain data they can then use as leverage.
They can then threaten to sell or leak the data unless a ransom is paid. In fact, the majority of data breaches in 2024 were a result of malicious or criminal attacks (55%), with IT failure being the second-most common reason (23%), and human error being the third leading cause (22%).
Furthermore, nearly half of all breaches (46%) involved customer personally identifiable information (PII), which can include tax ID numbers, email addresses, phone numbers, and home addresses.
Intellectual property (IP) records came in at a close second (43% of breaches).
As a result, data breaches have become so commonplace that, arguably, many people have become less concerned about them — even if we should be taking them more seriously.
However, these breaches still have serious consequences. For instance, a recent breach involving National Public Data (NPD), a US data broker, reportedly compromised the personal information of 2.7 billion people.
Other notable breaches in 2024 include:
- AT&T: The call and text records of nearly all AT&T customers were exposed.
- OpenAI: A breach resulted in the theft of internal info about its AI tech.
- Trump Campaign: Hacked by foreign agents for internal communications.
The Role of Privacy Legislation
To fight the growing threat of data breaches, legislation like the EU’s GDPR has been put in place to protect personal data and require companies to take accountability for securing that data and any breaches they experience. GDPR requires companies to report their breaches and imposes heavy fines for exposing personal data.
In 2024, over half of organizations reported their data breach in under 72 hours, while 34% took more than 72 hours to report. Just 11% were not required to report the breach at all, showing inconsistencies in how breaches are handled globally.
Even with the progress made by GDPR, there are still gaps in the current laws that leave organizations vulnerable — particularly those in the US, since they are not bound by GDPR.
New technologies like artificial intelligence create new challenges, as existing privacy laws may not fully cover the complexities of data security in these areas. For instance, while AI can help improve cybersecurity, it can also be used as a weapon to create cyberattacks.
Additionally, the rise of shadow data — unmanaged data that often goes unnoticed by IT teams — makes it harder to enforce privacy regulations.
The Bottom Line
As data breaches continue to increase in number and impact, the financial and reputational damage to businesses is growing, with breaches being a digital goldmine for threat actors.
The digital world is changing quickly, with new technologies like AI and the rise of shadow data creating challenges that current laws can’t keep up with or fully handle.
Stronger privacy legislation is needed to truly safeguard personal information, and businesses also need to take action to improve their cybersecurity, making sure they are not just compliant but prepared to face ever more advanced cyber threats.