IBM: Law enforcement helped save ransomware victims $470k in 2023

IBM: Mockup image of ransomware - a red background with binary code and a padlock in the middle with 'ransomware' written on top of it
(Image credit: Getty Images)

Victims of ransomware that did not involve law enforcement paid an average of $470,000 more in breach costs in 2023 than those that did, according to a new report released by IBM.

Conducted in partnership with Ponemon Institute, the firm’s annual Cost of a Data Breach Report analyzed data breaches experienced by 553 organizations around the world between March 2022 and March 2023.

The study found that participating organizations that did not involve law enforcement experienced breach life cycles that were 33 days longer on average than those that did reach out – at an average cost of $470,000.

Despite ongoing efforts by law enforcement to collaborate with ransomware victims, 37% of surveyed organizations still chose not to engage them, while 47% reportedly paid the ransom.

For those that did, the total time to identify and contain a ransomware breach stood at 273 days, compared with 306 days for those who didn’t – an 11.4% reduction. 


Whitepaper cover with red and white title over a black and white image of a businessman stood looking out of an office window

(Image credit: Mimecast)

State of ransomware readiness 2022

Dig deeper into ransomware threats and assess their impact on cyber security teams.


The mean time to contain a breach was 63 days - 23.8% shorter with law enforcement involvement compared to 80 days without.

Overall, the global average cost of a data breach saw a 15% increase over the last three years, rising to $4.45 million in 2023 – an all-time high for the report, which has been conducted annually for the previous 18 years.

Detection and escalation costs also jumped 42% over the same period, representing the highest portion of breach costs, which IBM says signifies a shift towards more complex breach investigations.

IBM Cost of Data Breach Report: Paying the ransom

Organizations that decided to pay the ransom during an attack were found to achieve just a 2.2% difference in total cost, coming in at $5.06 million compared to the $5.17 million total for those that did not. 

However, IBM said that calculation does not take into consideration the ransom fee itself and, due to their hefty totals, those that did pay were likely to have spent more overall. 

Additionally, the data revealed that paying a ransom has also become less beneficial, with an 82.5% decline in savings since last year’s report.

IBM Cost of Data Breach Report: Detection and escalation

Overall costs have risen and so too have the costs associated with detection and escalation. 

IBM said these costs include activities that enable an organization to “reasonably detect a breach” and can include forensic and investigative activities, assessment and audit services, crisis management, as well as communications to executives and boards.

In 2022, the category became the costliest of the data breach expenses, suggesting that investigations had become more complex and time-consuming. This year, it remained on top of the pile, rising 9.7% from $1.44 million to $1.58 million.

IBM Cost of Data Breach Report: Data breach lifecycle

As for the data breach lifecycle, the report found that the time taken to identify and contain a data breach “held steady” at 277 days – or approximately nine months – in 2023. 

That’s consistent with the average over the last seven years of reported data, which ranges from a low of 257 days in 2017 to a high of 287 in 2021.

Shorter data breach lifecycles also continue to be linked to lower data breach costs, with lifecycles under a 200-day threshold clocking an average cost of $3.93 million. By comparison, longer lifecycles of more than 200 days cost an average of $4.95 million – a 23% difference.

IBM Cost of Data Breach Report: Cost mitigation

From a pool of 27 key cost factors, the adoption of a DevSecOps approach was the most effective at mitigating overall costs. According to the data, breaches at organizations that had implemented a DevSecOps approach had an average cost that was $249,278 less than the average of $4.45 million.

Employee training and incident response planning and testing rounded out the top three, with average cost reductions of $232,867 and $232,008 respectively.

As for cost amplifiers, the top three culprits were found to be security system complexity (+$240,889), security skills shortage (+$238,637), and noncompliance with regulators (+$218,915). The average cost of a breach for organizations with high levels of security skills shortage was $5.36 million.

Commenting on the findings, Chris McCurdy, general manager at Worldwide IBM Security Services, said that time is the “new currency” in cyber security for both defenders and attackers.

“As the report shows, early detection and fast response can significantly reduce the impact of a breach,” he said. “Security teams must focus on where adversaries are the most successful and concentrate their efforts on stopping them before they achieve their goals. 

“Investments in threat detection and response approaches that accelerate defenders speed and efficiency – such as AI and automation – are crucial to shifting this balance.”

Daniel Todd

Dan is a freelance writer and regular contributor to ChannelPro, covering the latest news stories across the IT, technology, and channel landscapes. Topics regularly cover cloud technologies, cyber security, software and operating system guides, and the latest mergers and acquisitions.

A journalism graduate from Leeds Beckett University, he combines a passion for the written word with a keen interest in the latest technology and its influence in an increasingly connected world.

He started writing for ChannelPro back in 2016, focusing on a mixture of news and technology guides, before becoming a regular contributor to ITPro. Elsewhere, he has previously written news and features across a range of other topics, including sport, music, and general news.