When it comes to identifying and containing data breaches, organizations armed with security AI plus automation spend 108 days fewer than their differently prepared counterparts. The AI-wielding orgs also incur $1.76 million less in breach-recovery costs.

The findings are from an IBM Security analysis of data compiled by Ponemon Institute. Ponemon gathered the data by interviewing qualified representatives of 533 organizations that suffered a breach between March 2022 and March 2023.

Of note, IBM Security regularly speaks of “security AI and automation” as a single, unified thing. Going by language in a new report, the company defines the term as technology that “enables organizations to predict threats, protect data as it moves, and respond with speed and precision without holding back business innovation.”

Other key findings from the report, “Cost of a Data Breach 2023,” which was released the last week of July and is the sixth in the series:

• For the 13th consecutive year, healthcare shows the most expensive data breaches of any sector, shelling out an average of $10.93 million per breach. Far behind are runners-up financial ($5.90 million), pharmaceuticals ($4.82 million), energy ($4.78 million) and industrial ($4.73 million). The average across all industries was $4.45 million.
   
• That’s up 8.3% over 2022 ($10.10 million)—and a 53.3% spike over 2020, when healthcare reported an average breach-recovery price of $7.13 million. IBM notes healthcare’s rising average breach cost since the start of the COVID pandemic, adding that healthcare is both heavily regulated and considered critical infrastructure by the federal government.
   
• Slightly more than half of interviewed organizations, 51%, are planning to spend more on security in hopes of avoiding another painful bite in the back pocket. Top areas named for additional investments include incident response planning and testing, employee training, and threat detection and response technologies.
   
• 82% of all 2022-’23 breaches involved data stored in the cloud—public, private or multiple environments. IBM says these cyber break-ins incur a higher-than-average cost of $4.75 million.
   
• 61% of organizations employ some level of security AI and automation. Only 28% of organizations extensively used security AI and automation tools in their cybersecurity processes, while 33% had limited use, IBM says, adding: “That leaves nearly 4 in 10 relying solely on manual inputs in their security operations.”

Worth noting is that healthcare orgs comprised the smallest slice of the 17-industry study cohort.

Read a report summary from IBM’s marketing operation or the full report (in slides).