In the modern world, few industries have been as beleaguered by inefficiencies, high costs, and burnout as healthcare. To add to these challenges, healthcare has once again retained an undesirable title: the industry with the most expensive data breaches. According to the latest research from IBM and the Ponemon Institute, healthcare organisations have held this costly crown since 2011, with the average cost of a cybersecurity incident in 2024 reaching an astounding $9.77 million. As data breaches become more sophisticated and expensive, it’s clear that the industry must take urgent action to protect its critical information systems.
The Unwanted Title: Most Expensive Data Breaches
Healthcare organisations have consistently topped the list for the most expensive data breaches, with the average cost far exceeding the global cross-industry average of $4.88 million. The $9.77 million price tag in 2024 represents not just a financial burden but a symptom of deeper issues within the industry’s cybersecurity infrastructure. The costs associated with these breaches include lost business, post-breach responses, and long-term reputational damage. While the average cost of a breach has risen across all industries, healthcare remains particularly vulnerable due to the sensitive nature of the data it handles and the complexity of its IT environments.
Contributing Factors: Shadow Data and Prolonged Detection Times
Several factors contribute to the high costs of data breaches in healthcare. One major issue is the prevalence of “shadow data” – information stored across multiple environments without adequate oversight or control. These fragmented data stores make breaches more difficult to detect and contain, leading to significantly higher costs. On average, breaches involving shadow data cost 16% more than those involving well-managed data. Furthermore, the time taken to identify and contain breaches remains alarmingly long, with the mean time in 2024 being 258 days. The situation is even worse for breaches involving stolen or compromised credentials, which take nearly 300 days to manage. These prolonged detection times are a significant driver of the high costs and disruptions caused by breaches.
Mitigating the Threat: AI, Automation, and Staffing Challenges
Many healthcare organisations are turning to advanced technologies like artificial intelligence (AI) and automation to bolster their cybersecurity defences in response to these escalating threats. These tools are proving effective in reducing the costs associated with breaches, with organisations that have fully implemented AI-driven cybersecurity seeing a $2.2 million reduction in average breach costs. However, the adoption of these technologies is not without challenges. More than half of healthcare organisations report significant staffing shortages, which hampers their ability to manage and respond to security incidents effectively. Even with the help of AI, the shortage of qualified cybersecurity professionals remains a critical issue that the industry must address to improve its overall security posture.
Conclusion
The healthcare industry’s continued reign as the sector with the most expensive data breaches clearly indicates that more must be done to protect sensitive information. As breaches become increasingly sophisticated and costly, healthcare organisations must prioritise cybersecurity by investing in advanced technologies like AI, improving staff training, and addressing critical staffing shortages. By taking these steps, the industry can hope to relinquish its unwanted crown and better safeguard the sensitive data vital to patient care and organisational trust.
Source: IBM
Image Credit: iStock
