Each year, IBM releases its Cost of a Data Breach Report, one of the most widely cited studies on the financial and operational impact of cyber incidents. The latest edition shows that while costs continue to rise — now averaging $4.88 million globally per breach, with U.S. organizations facing even higher averages — the real story is about preparation and discipline.
The numbers remind us that breaches are not rare, isolated events. They are part of the operating environment organizations must manage. The question isn’t if an incident will occur, but how ready your team will be when it does.
Key Findings
- The average time to identify and contain a breach remains more than 270 days, with longer delays leading directly to higher costs.
- Financial services and utilities are among the industries with above-average breach costs, reflecting the sensitivity of the data and the trust those sectors must maintain.
- Shadow data — information stored or processed outside formal oversight — appeared in more than one-third of breaches and increased average costs by double-digit percentages.
- Organizations that had already invested in automation, identity management, and proactive detection saw significantly lower costs than those that had not.
These findings confirm what many security leaders already know: cyber risk is not a headline-driven crisis. It is an ongoing operational challenge, best managed with consistent strategy, strong controls, and continuous improvement.
Bridging the Gaps
The IBM study highlights that the cost of a breach often comes down to a handful of recurring issues: weak technical foundations, poor identity hygiene, delayed detection, and overextended teams. While every organization is different, there are broad practices that consistently help reduce both risk and cost.
- Strengthen the Basics - Simple missteps — like misconfigured systems or unsecured data — remain a leading cause of breaches. Regular reviews, tested backups, and encryption can close off these easy openings.
- Attend to Identity - Unauthorized access is still the most common entry point. Strong authentication, careful use of privileges, and ongoing checks on user behavior are key to limiting attacker movement.
- Find Issues ASAP - The longer a breach goes undetected, the more expensive it becomes. Continuous monitoring, anomaly detection, and well-practiced response steps can drastically shorten response times.
- Rally Your People - The report calls out the impact of thinly staffed teams. Building skills internally, leaning on automation where possible, and knowing when to draw on outside expertise all help lighten the load.
Taken together, these capabilities help clients shorten the life cycle of breaches, lower their financial impact, and strengthen trust with customers and regulators alike.
A Practical Path Forward
The IBM report makes clear that breaches will continue to be part of the digital landscape. But it also shows that organizations that prepare thoughtfully — investing in the right mix of infrastructure, identity, detection, and response — see better outcomes when incidents occur.
At Access Point, we focus on building that preparation into everyday operations. It’s not about fear or hype. It’s about doing what needs to be done: securing your networks, protecting your data, and ensuring your team is ready to respond.
If you’d like to learn how our Infrastructure & Digital Trust services can help reduce your risk and strengthen your resilience, we’re here to talk.