For the second year in a row, Brazil took the crown as the country with the lowest cost per breach, at $1.36 million (though up by 11.5%, from $1.22 million in 2023).

Damages vary by attack type and skills shortage

The type of attack influenced the financial damage, the report noted. Destructive attacks, in which the bad actors delete data and destroy systems, cost the most: $5.68 million per breach ($5.23 million in 2023). Data exfiltration, in which data is stolen, and ransomware, in which data is encrypted and a ransom demanded, came second and third, at $5.21 million and $4.91 million respectively.

However, noted Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group, sometimes attackers combine their tactics. “Double extortion ransomware attacks are a key factor that is influencing the cost of data breaches,” he said in an email. “Since 2023, we have observed that ransomware attacks now include double extortion attacks. In this type of attack, data is exfiltrated prior to being encrypted. By doing this, cybercriminals are able to hold the organization hostage for the stolen data and also expect payment for providing a decryption key. This often results in higher payments being requested by cyber criminals and causing higher recovery fees and longer business disruptions.”