As we close 2024, now is the time to look ahead at what might be in store for Incident Response in 2025. Examining current trends provides a solid baseline for what to expect.
Organizations are facing a rising number of data breaches
What should come as no surprise to anyone: data breaches continue to rise. According to the 2024 Verizon Data Breach Investigations Report, there were 10,626 data compromises in the first three quarters of 2024, more than doubling last year’s 5,199 total. In its Experian 2025 Data Breach Industry Forecast, Experian reports supporting more than 4,000 client data breaches in the first three quarters. More than 66 million consumers globally were impacted by these data breaches from Experian’s client base in 2024, a 13% increase from 2023. This continues the trend of recent years with the Identity Theft Resource Center revealing a record 78% rise of reported company security breaches (3,205) in 2023.
Organizations are facing higher costs from data breaches
Not only are data breaches becoming more prevalent, but they’re also getting more expensive. In IBM’s 2024 Cost of a Data Breach Report, the company found the global average cost of a breach rose 10% from 2023, reaching $4.88 million, the biggest increase since the COVID-19 pandemic. NetDiligence Cyber Claims Study 2024 Report similarly shows initial ransom demands reaching $80 million with ransoms paid as high as $50M. In 2024, 15 companies paid ransoms greater than $10 million.
Predictions for 2025
Looking ahead, here are four predictions for the Cyber Security and Incident Response industry in 2025:
- AI will play a bigger role in breaches, prevention and recovery: AI’s advanced programming capabilities make it a powerful tool for generating new and more sophisticated threats. However, AI will also be used for defensive purposes (monitoring; thwarting; data mapping and threat intelligence), and recovery efforts (data mining, summaries, first draft notification).
- More companies will take a proactive approach to data security: more companies will change their thinking from “if” to “when” regarding breaches and, in turn, will take a proactive approach that includes plans, response teams, updated policies, and penetration testing. Companies will use data mapping to know where their data is stored within the organization and who has access, including third party partners. Insurance providers will incentivize companies to take these steps.
- Customer over-notification will decrease: A proactive approach enables companies to respond efficiently during an incident, swiftly identifying compromised data and notifying only the impacted customers instead of everyone who might be affected. This method significantly reduces liability, exposure, and costs, delivering a strong return on investment.
- More companies will purchase cyber insurance for breach protection: As breaches continue to grow in volume and AI becomes more prevalent, new threats continue to emerge, and remote work continues, cyber insurance will become more of a must-have for companies large and small.
For more information on proactively preparing for a data breach in the new year, read our article, “Data Breach Response: A Framework for Prevention, Planning, and Response.”
Happy 2025!