Part 1 shared some insights into the data breach lifecycle, including the cost savings of reducing the time to detect and contain a cybersecurity incident.

In this segment, we’ll take a closer look at some of the key factors that can decrease that time, and therefore reduce exposure and cost.

Mitigating Costs

While the time it takes to detect and then contain a breach has a big impact on its overall cost, IBM Security has identified 28 factors that can influence the cost of a breach.

Many of these factors can shorten that time, and therefore lower the cost of a data breach, while others may amplify the cost.

As always, it’s important to know that these costs aren’t additive, and your own experience may vary. We do believe this is a significant sample size that produces consistent average costs*.

Warning: the following paragraphs contain a lot of numbers. I’ve included these not to bore you, but for you to be able to leverage these very real numbers in creating a business case for help in maturing your cybersecurity program.

Numbers Don’t Lie

The report shows that there are several factors that are associated with the biggest impact on reducing the time and cost of a breach: the use of intelligent technology platforms, the use of an incident response (IR) team, and the use of an MDR/XDR solution.

AI Security Platform

The report refers specifically to the use of an AI security platform, and the evaluation of this factor is fairly recent, so I’ll discount it slightly. The benefit of an AI platform is to be able to leverage technology to ‘learn’ and apply that learning without human intervention, leading to automated decisions and actions for remediation.

While there is great promise for this technology, I will submit that having human intelligence built from extensive experience, combined with the automation that technology provides, can produce excellent results that will reduce the time to identify and remediate incidents.


Regardless, the report finds that organizations with a high level of automation had an average cost of a breach that was 55.3% lower than organizations with low levels of use. This is mostly related to the Mean Time to Detect (MTTD) and Mean Time to Contain (MTTC), which, combined, showed a drop from 323 days for organizations with no security automation to 249 days on average for organizations with security automation deployed.

To have an IR plan or not?

A majority of organizations in the study had IR plans and tested them on a regular basis. Nearly three-quarters of organizations in the study said they had an IR plan. At organizations with an IR plan, a little more than half said they regularly tested it. Breaches at organizations with IR capabilities had an average cost of $3.26 million in 2022, compared to $5.92 million at organizations without IR capabilities. This clearly shows a cost benefit to having and testing an IR plan.

XDR, Please!

The use of XDR technologies reduced average breach costs by 9.2%. While these savings may appear modest at first glance, the real impact comes in the amount of time organizations save in detecting and containing a breach when they use XDR: almost one month. We shared in Part 1 that time is a major factor in determining the impact of a breach. The average time to identify and contain a data breach was 10% lower at organizations with XDR technologies than at those with no XDR technologies.

There are also a number of factors that increase the cost of a breach, including security system complexity and a highly remote workforce. For example, a high level of security system complexity contributed to a $2.47 million higher cost of a breach, 58% higher than the average. Simplicity seems to be better when it comes to the technology of cybersecurity.

Remote Work

Remote working has had a considerable effect on the cost of a breach when remote work was a factor in causing the breach, such as a remote-working employee having credentials stolen. The study also found that breach costs were highest for organizations with many of their employees working remotely. The difference in cost between the highest and lowest share of employees working remotely was $1.11 million, a difference of 24.4%.

The Skills Gap

As warned, that’s a lot of numbers. The bottom line is that there are a lot of factors that can increase or decrease the effectiveness of a cybersecurity program. In addition to all those factors, there is another pretty big inhibitor: the skills gap.

Many organizations are struggling to fill open positions on their security teams.

In the report, those organizations that said they were sufficiently staffed saw considerable cost savings in terms of data breach costs, compared to those without enough employees to staff their teams. At organizations with a sufficiently staffed security team, the average cost of a data breach was lower than average at $4.01 million. In contrast, the average cost of a data breach was 12.8% higher at organizations with insufficiently staffed security teams.

CyberMaxx can help with all of the above. In fact, we’ve demonstrated this consistently over the past 20 years, with many satisfied customers. We believe that the Mean Time to Detect (MTTD) for a cybersecurity incident should be 15 minutes, not 200 days.

15 minutes…not 200 days!

We’ve consistently beaten that objective, through the combination of experienced, intelligent people, proven processes developed over 20 years, and XDR technology to provide intelligence and automation in support of the people and processes.

We can and want to help!

CyberMaxx can help you develop your incident response strategy and plan, and help you test it to make sure it is effective. CyberMaxx can extend your team to provide 24×7 coverage, or we can be your team.

* The IBM Security Cost of a Data Breach Report 2022 studied 550 organizations of various sizes impacted by data breaches between March 2021 and March 2022 across 17 countries and in 17 different industries.