Using automation and artificial intelligence (AI) security tools cut the average cost of Australian data breaches by $2.14 million and helped companies complete data breach investigations nearly 4 months faster, according to a newly released analysis.

The average Australian data breach costs 32 per cent more now than it did five years ago – an average of $4.03 million per incident – Australian figures from the IBM-Ponemon Institute 2023 Cost of a Data Breach Report confirmed, with detection and escalation costs averaging $1.68 million (42 per cent) of that total.

Although past investment in AI and security automation was most closely correlated with the ability to resolve a data breach more quickly, the research – which analysed data breaches at 553 organisations globally between March 2022 and March 2023 – also found that only 51 per cent of businesses increased their security investments after a data breach.

By contrast, 57 per cent said they would pass on the costs of the incidents to consumers – confirming that many companies still prefer to pass the buck rather than meaningfully improve their security architecture, even though buying contemporary security tools not only slashed overall breach costs but cut the average data breach lifecycle by 117 days – from 342 days to 225 days.

Australian companies benefited more from adopting AI-based security automation than their global peers, who only saw an average reduction of 108 days.

With robust and effective tools now widely available to help companies improve their security, IBM Security Asia Pacific chief technology officer Chris Hockings said, the industry is this year “reaching a tipping point in the maturity curve for AI in security operations.”

Enterprise-grade AI capabilities “can be trusted and automatically acted upon via orchestrated response,” Hockings explained, noting that “in addition to reducing the time to identify and contain a data breach, the extensive use of security AI and automation is also a crucial factor in delivering significant cost savings to breached organisations in Australia.”

Measuring the full impact

That impact has been acutely felt by companies such as Latitude Financial, which recently revealed that its March data breach – which saw the compromise of up to 14 million customers’ driver licence, passport, and Medicare numbers, financial details, and other details – had cost the company $75.9 million.

That included $11.8 million spent on containing and remediating the attack and $53 million in direct costs, including replacing the IDs of affected customers – which consumed 80 per cent of the overall costs – as well as technology, legal, and professional fees.

The incident – which the company called “a material set back to volumes and margins” during its half-year investor presentation in mid-August – occurred after a cyber criminal obtained privileged access credentials that were normally used by a third-party vendor to access Latitude’s systems.

Normal business operations, such as signing up new customers and collecting outstanding debts, were paused as the company spent up to six weeks restoring regular business operations with the help of external cyber security experts, federal regulators, the Australian Federal Police, and others.

Latitude is still counting the cost of the breach, with managing director and CEO Bob Belan admitting in May that the company still faces unknown regulatory fines, class action liabilities, and costs to improve its systems in the future.

With 52 Australian financial-sector data breaches reported during the second half of 2022 – and 344 others across other industries – the collective cost of these breaches has been considerable.

Australian financial services, technology and education companies had the most expensive data breaches, the IBM-Ponemon analysis found, with average costs of $5.56 million, $5.06 million, and $4.61 million, respectively.

The potential costs of any breach – which, as Latitude found, keep piling up long after the business is back up and running – strengthen the already robust case for investing in AI-powered security automation, IBM’s Hockings said.

Reducing these costs by embracing AI and automation “will unlock tangible benefits for speed and efficiency,” he explained, “which are desperately needed in today’s business landscape – where early detection and fast response can significantly reduce the impact and losses from breaches.”