"Cyber-Incident Costs Surge 11% as Budgets Remain Muted"

According to security researchers at S-RM, the average direct cost of a serious cybersecurity incident increased by 11% year-on-year to reach $1.7m in 2023. The researchers polled 600 C-suite and IT budget holders from US and UK organizations with revenues over $500m to produce their 2023 Cybersecurity Insights Report. The researchers found that the most common incident types were fraud, third-party compromise, and data exfiltration, although these varied by sector. The researchers noted that the larger the organization, the greater the risk of data exfiltration and ransomware. The top contributors to incident costs were increased insurance premiums (37%), operational downtime (36%), and recovery/response costs (32%). The researchers noted that the average of $1.7m also rose significantly to $2.7m per incident for organizations without cyber insurance. Worryingly, the top two cybersecurity challenges cited by respondents were hybrid working and a “lack of understanding around cyber trends and threats” (both 38%). In third place came “lack of internal training” on how to spot threats. The researchers noted that while incident costs are up, budgets for cybersecurity only rose by 3% to an average of $26.8m in 2023. Retail (28%), telecoms (27%), and pharmaceuticals (27%) firms allocated the largest share of their IT budget to cyber in 2023.

Infosecurity reports: "Cyber-Incident Costs Surge 11% as Budgets Remain Muted"