A recent report by consulting firm SRM reveals that the average direct cost of a serious cybersecurity incident has risen by 11% year-on-year, reaching $1.7 million in 2023. For organizations without cyber insurance, the average cost has surged even higher, reaching $2.7 million per incident [1] [2]. This article delves into the details of the report, highlighting the most common incident types, the risks faced by larger organizations, and the key contributors to incident costs [1]. It also sheds light on the top cybersecurity challenges faced by organizations and provides insights into future budget trends.


According to the report, the most prevalent types of cybersecurity incidents are fraud, third-party compromise, and data exfiltration [1]. Larger organizations are particularly vulnerable to data exfiltration and ransomware attacks. The primary factors driving up incident costs include increased insurance premiums, operational downtime, and recovery/response expenses [1]. Respondents to the report identified hybrid working and a lack of understanding regarding cyber trends and threats as the top cybersecurity challenges they face [1].

Furthermore, the report reveals that cybersecurity budgets only saw a modest increase of 3% in 2023. However, it is predicted that budgets will rise by 8% next year. Notably, retail, telecoms, and pharmaceutical firms allocated the largest share of their IT budget to cybersecurity in 2023 [1].


The findings of the report highlight the significant financial impact of cybersecurity incidents on organizations. With the average cost of incidents rising and the potential for even higher costs for those without cyber insurance, it is crucial for organizations to prioritize cybersecurity measures. This includes investing in robust security systems, staying updated on cyber trends and threats, and implementing effective incident response plans.

Looking ahead, the predicted increase in cybersecurity budgets indicates a growing recognition of the importance of cybersecurity. However, organizations must continue to allocate sufficient resources to address the evolving threat landscape. By doing so, they can better protect themselves against cyberattacks and minimize the potential financial and reputational damage that such incidents can cause.


[1] https://www.infosecurity-magazine.com/news/cyberincident-costs-surge-11/
[2] https://ciso2ciso.com/cyber-incident-costs-surge-11-as-budgets-remain-muted-source-www-infosecurity-magazine-com/