The cost of global data breaches to victim organizations will rise to over $5 trillion by 2024 as regulatory fines take hold and firms become more dependent on digital systems, according to new predictions from Juniper Research.

The figures come from the UK-based market watcher’s latest report, The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024.

The firm claimed that breach costs will rise by 11% annually over the report period, from a figure of $3 trillion in 2019.

However, it argued that although mega-breaches of large volumes of data may make headlines, they won’t necessarily impact costs directly, as fines and lost business aren’t closely linked to the size of a breach.

That’s somewhat at odds with data from IBM, which has been running a Cost of a Data Breach study for many years.

While the average global cost of a breach is now at $3.9m, it estimated that when incidents involve the compromise of over one million records this figure soars to $42m, while breaches of 50 million records are estimated to cost companies $388m on average.

Juniper claimed that AI will play an increasingly important role in cybercrime, enabling hackers to map the behavior of security systems to more easily circumvent defenses.

It also predicted that more attention will be paid to staff training and awareness in future, so that organizations can optimize their cybersecurity spending.

“All businesses need to be aware of the holistic nature of cybercrime and, in turn, act holistically in their mitigation attempts,” argued report author Susan Morrow. “As social engineering continues unabated, the use of human-centric security tactics needs to take hold in enterprise security.”

Franklyn Jones of Cequence Security argued that there may also be significant secondary costs to breaches beyond the headline $5 trillion figure.

“I’m referring to the growing number of malicious, automated bot attacks that are fueled by the billions of credentials stolen from these initial breaches,” he said. 

“Those secondary attacks, which are even harder to detect than the initial data breaches, tend to focus on business logic abuse, stolen IP, and financial fraud. The cost of these types of attacks are often under-reported, but are likely in the billions of dollars.”