Is there an acceptable ROI for cyber risk spending?

The global average cost of a data breach has jumped according to the IBM/Ponemon Institute Cost of a Data Breach Report 2024.

It is up by 10% to $4.88 million.

I am going to bet that is much less than most people think the cost is, and they will question the results. I will let them read the survey for themselves.

The good news is that the use of AI appears to cut those costs significantly.

But my question is whether organizations are spending too much, too little, or just the right level when you consider the level of risk presented by a data breach.

Do they even consider whether there is a sufficient ROI for the money they are spending each year to prevent, detect, and respond to a breach? Are they spending an unacceptable multiple of the potential cost of the breach? Are they spending additional funds on cyber that lower the level of risk by much less? Or are they spending far too little, considering the potential disruption, operational cost, and even regulatory fines that could flow from a breach?

With that in mind, please take a few minutes (you may have to spend more time gathering the data on your organization’s cyber risk and spend) to answer a 4-question survey. I…