Rising Breach Costs, AI’s Double-Edged Sword, and HealthEquity’s Data Drama
31.07.2024

In the last IS news roundup for July, we cover the key findings of IBM and Ponemon's Cost of a Data Breach Report 2024 and share details of the HealthEquity case. 

The IBM-Ponemon report released on July 30th revealed that in 2023, the average cost of a data breach increased from $4.45 million to $4.88 million. According to the report, the top five regions with the highest average data breach cost are the USA ($9.36 million), the Middle East ($8.75 million), Benelux ($5.90 million), Germany ($5.31 million), and Italy ($4.73 million).

The report shows that malicious insider attacks were the costliest type, averaging $4.99 million. Other high-cost attack methods include business email compromise, phishing, social engineering, and the use of stolen or compromised credentials. The report says that generative AI could be contributing to the rise in phishing attacks, as it makes it easier even for non-native speakers to create grammatically correct and plausible phishing messages in many languages.


In addition to evergreen phishing, AI now poses risks through the use of chatbots. To stay ahead of these threats, read our expert’s insights on this technology.


At the same time, AI is also helping organizations reduce cyber risk. In 2024, there was a 10% jump in the deployment of AI and automation in companies' security operations centers. This helped organizations reduce breach costs by $2.2 million, the largest cost saving the report revealed.

Another concerning factor is the global growth of the cybersecurity skill shortage, which has risen by 26.2% since 2023. About 50% of the organizations that have experienced breaches report significant shortages in security staff. In response, companies are trying to cover the need for qualified specialists with the help of AI security tools.


Besides, the problem of security staff shortages can now be solved more easily than ever with a managed security service. It will help you not only enhance safety but also ensure regulatory compliance, all without the need for expensive hardware or personnel costs.


While the IBM-Ponemon report provides a comprehensive overview of the costs and effects of data breaches, a practical illustration can be seen in the recent incident at HealthEquity.

HealthEquity, a major U.S. provider of health savings accounts and other financial health services, reported a cybersecurity breach affecting 4.3 million people. The breach occurred on March 9, 2024, but was only confirmed on June 26 after an internal investigation. It involved unauthorized access to a data repository containing sensitive personal information, including:

  • Full names
  • Home address
  • Telephone number
  • Employer and employee ID
  • Social Security Number (SSN)
  • General dependent information
  • Payment card information (not numbers)

HealthEquity has secured the compromised repository, which is outside its core systems, and enhanced its security measures, including a global password reset. Impacted individuals will receive two years of credit monitoring and identity theft protection from Equifax. They are advised to monitor their account statements and verify that their HealthEquity profile information is correct. Currently, no group has claimed responsibility for the breach, and the stolen data has not appeared online.

In this context, it is essential to adopt proper security practices and have the right solutions to manage cyber risks. Choose your tools wisely and stay vigilant!
