In 2024, the average cost of a data breach soared to $4.88 million—a 10% increase over the previous year. This year, analysis indicates we will see the same percentage increase again, teetering over the $5 million mark.
Obviously, this is an insane amount of money—an amount that would put many organizations out of business. So, why is it that data breaches seem to be getting more expensive year on year? There are a number of factors at play.
Let’s take a look.
The meteoric rise of class action costs
Data privacy litigation may not be new, but it’s rapidly becoming a fixture of the landscape. In 2024, we saw the largest class action settlements in history—$560 million across the first, second, and sixth largest data breach cases.
Looking ahead to 2025, Forrester predicts breach-related class action costs will outpace regulatory fines by an eye-watering 50%. For businesses that find themselves at the center of a data breach, this shift in dynamics represents a seismic change in how the financial repercussions of breaches are felt.
No longer are organizations just on the hook for compliance violations and regulatory fines—they now risk significant settlements, potentially running into hundreds of millions of dollars, paid directly to the individuals whose data was compromised.
The scale of these payouts can be staggering. Take T-Mobile, which had to pay a settlement of $350 million to victims of a major data breach. That’s on top of the millions in compliance fines it had to pay to bodies like the US Treasury—and doesn’t even account for the costs of reputational damage associated with such a high-profile lawsuit.
Because class action lawsuits have become increasingly successful and garnered press attention, they’re becoming a de facto way for victims to seek compensation and justice after a breach.
Already, there is a slew of these cases set for trial in 2025. For instance, more than 100 lawsuits related to the MOVEit vulnerability breach and 50 involving the Change Healthcare cyberattack are already in the pipeline. Given the sheer number of cases and the growing momentum behind these lawsuits, 2025 is on track to break new records for class action settlements.
Expanding cyber insurance exclusions
Cyber insurance can be a lifeline in the event of a data breach, helping your organization to ride out the storm and recoup after an incident. However, cyber insurance is not a catch-all, and organizations must beware common exclusions that prevent successful claims.
These are as follows:
1. Unencrypted data: Many insurers require encryption as part of your security measures. If unencrypted data is breached, your claim could be denied. Ensure your encryption and security practices meet industry standards.
2. Contractual liabilities: Some policies exclude coverage for losses related to contractual obligations, like indemnity clauses with clients or vendors. Review your policy carefully and consider negotiating additional coverage if needed.
3. Ransomware coverage: Some policies exclude ransomware-related costs, including ransom payments or recovery expenses. Check that your policy covers ransomware attacks fully.
4. Insider threats: Damage caused by insider threats, whether intentional or accidental, is often excluded. Strengthen your internal security and make sure your policy covers this risk.
Growing cloud dependence
According to IBM’s Cost of a Data Breach Report, 40% of data security incidents involve data that is stored in cloud environments like SaaS apps and PaaS platforms. While these incidents don’t yet account for the majority of breaches, they are the most expensive, with the average breach costing $5.17 million.
In essence, that means if you suffer a cloud breach, it’s going to cost you more than, say, a malware attack on your network. The reason? For one, cloud environments are inherently opaque. With data dispersed across different platforms, each with their own unique interfaces and controls, it’s difficult for organizations to understand exactly where their data is, who’s accessing it and when.
Should a breach occur, the lack of visibility and control within the cloud means discovering, containing and recovering from that breach will take a long time. How do you know the true scale of the incident? How it happened? What data was impacted? Without specialist tools already in place, uncovering these answers can stretch the incident response process to months—and burn money in the process.
On top of that, it’s crucial to remember that the cloud can hold huge troves of data. The more data that’s stolen, the bigger the clean-up process and damage: more customers to notify, a bigger regulatory fine, more investigations to be done. In short, the more data you have in the cloud, the greater the risk and cost of a breach—making it critical to implement robust data security measures tailored specifically to the cloud.
The upsurge in shadow AI
Shadow AI refers to the unsanctioned use of generative AI applications like ChatGPT and Bard within the enterprise. According to recent research, over 60% of employees are using these applications without their security team’s knowledge. While, at first glance, this doesn’t seem like too much of a problem, third-party generative AI applications are a potent security risk.
This is because generative AI platforms learn from the data people feed them. This means that any sensitive information inputted by employees could potentially be regurgitated in responses to other users—an immediate data breach. Worse still, the opacity of these apps means organizations will not know about a data breach until it is far, far too late—and regulators and victims will not take well to organizations that failed to properly protect the use of AI in their organization, likely resulting in heavier fines.
Additionally, like the challenges posed by cloud environments, the lack of transparency in generative AI tools makes it nearly impossible to fully understand the scale of a data breach. Organizations are left in the dark about where sensitive data has gone, who accessed it, and how it was used. Without this visibility, creating an accurate map of the breach and its impact becomes nearly impossible. As a result, recovery efforts can drag on for months, costing businesses valuable time and resources while further compounding the damage.
The ever-present cybersecurity skills shortage
As we’ve pointed out, recovery time is one of the biggest factors in determining the cost of a data breach. The quicker an organization can detect, contain, and recover from an incident, the lower the overall costs will be. However, the current cybersecurity skills shortage is making this harder than ever. There simply aren’t enough skilled professionals to staff today’s Security Operations Centers (SOCs), leaving security teams overloaded and stretched thin.
This staffing gap means that recovery times are often longer. Security teams are juggling too many tasks, which increases the chances of missing critical alerts and slows down incident response. The longer it takes to respond, the higher the costs—both in terms of money and reputation. Additionally, without enough in-house expertise, organizations often have to rely on third-party specialists to help manage the recovery process, which adds even more costs.
The shortage of cybersecurity professionals doesn’t just impact recovery—it also makes it harder to implement proactive security measures that could prevent breaches in the first place. Overworked teams can’t focus on long-term security improvements, which increases the likelihood of future incidents.
Prevention is better than recovery
With all these factors at play, it’s easy to see why data breach costs are yet again set to soar in 2025. The attack surface is growing exponentially because of advances in cloud computing and AI—and cyber insurers are tightening their policies as a result.
At the same time, consumers are more aware than ever of their data privacy rights, and are happy to take action against organizations that fail to protect their information. On top of all that, there simply aren’t enough skilled cybersecurity professionals around to adequately protect modern organizations’ ever-expanding digital fabric.
However, that’s not to say your organization is a sitting duck, by any means. Knowledge, after all, is power. In understanding the risks you face, you can put in place proactive mechanisms to prevent a data breach—and all its associated costs.
Here are the key steps to take:
- Get the basics right: Far too often, successful cyber attacks result from simple brute-force attacks, rather than complex undertakings. To that end, get the basics of cybersecurity right in your organization: enforce multi-factor authentication, use strong passwords and regularly patch software applications.
- Check your cyber insurance cover: With increasing exclusions in cyber insurance cover, it’s vital to understand exactly what your policy covers, and what it doesn’t. Conduct an in-depth review so you and your team understand potential blindspots, and look at ways you can reduce the cost of your cover by enhancing your cyber resilience.
- Lean on AI and automation to bolster the SOC: The skills gap isn’t going anywhere. Luckily, AI can do wonders to alleviate the stress on overworked security teams, taking on manual, repetitive tasks like user behavior analytics, malware detection and even employee cybersecurity training.
- Deploy specialist DLP for the cloud and AI applications: With the cloud and AI amongst the biggest factors influencing data breach costs, it’s crucial to secure sensitive information in cloud applications and generative AI tools. Solutions like Polymer DLP use AI and automation to autonomously discover, classify and secure sensitive data in these applications, ensuring that they are only accessed by legitimate users, and for legitimate purposes in real-time.
While DLP gets a bad name for producing false positives, Polymer DLP’s contextual, self-learning engine monitors user behavior in real-time to build a deep, accurate understanding of user roles and actions, resulting in data exposure prevention that is precise and trustworthy, without hindering employee productivity.