Australian businesses are facing unprecedented financial risks from data breaches, with the average cost reaching a record AUD $4.26 million in 2024, according to IBM's annual Cost of a Data Breach Report, a 27% increase since 2020.

The technology sector bore the brunt of these costly cyber incidents, with average breaches amounting to AUD $5.81 million. Close behind was the financial services industry, where breaches typically cost AUD $5.61 million.

The report, based on an analysis of real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024, revealed several key findings for Australia:

-  Initial attack vectors: Phishing attacks emerged as the most common initial attack vector, accounting for 22% of breaches and costing businesses an average of AUD $4.35 million per incident. Stolen or compromised credentials followed closely, responsible for 17% of breaches with an average cost of AUD $4.32 million.

- Data Breach Lifecycles: Australian companies required an average of 266 days to identify and contain cyber incidents, surpassing the global average of 258 days by eight days.

- Data Visibility Gaps: Nearly a third (32%) of breaches involved data stored across multiple environments, including public cloud, private cloud, and on-premises systems. These incidents proved to be the most expensive and time-consuming, costing an average of AUD $4.88 million and taking 301 days to identify and contain.

- Detection and Escalation Costs: At AUD $1.65 million on average, the cost of detecting cyber threats remained the most expensive component of a breach, followed by post-breach response and lost business costs.

IBM Security APAC Chief Technology Officer Christopher Hockings said the cyber security industry is reaching a tipping point in the maturity curve for AI, where enterprise grade AI capabilities can be trusted to automatically act upon many types of threats.

“Breached organisations across Australia are seeing significant cost and time savings via their use of security AI and automation across their security operations,” Mr Hockings said.

“Australian businesses are increasingly understanding that the ability to detect and respond to cyber threats swiftly can make all the difference. With attacks growing more sophisticated, it's imperative for organisations to adapt and prioritise speed in their cybersecurity efforts to avoid costly breaches.”