Data Breach Costs Reach New Record High

The average cost of a data breach globally now stands at $4.35m, up nearly 13% on 2020 figures and a new all-time record, according to IBM.

The tech giant’s annual Cost of a Data Breach Report, now in its 17th year, was compiled from interviews with 550 organizations in 17 countries breached between March 2021 and March 2022.

Aside from the headline findings, which represent a 2.6% increase on last year’s report, the firm claimed that consumers are suffering disproportionately from these incidents.

It said that 60% of breached organizations put their prices up following a breach, adding to runaway global inflation.

Phishing is the most expensive cause of breach events, resulting in average costs of $4.9m for victim organizations, while compromised credentials are the most common cause (19%).

Healthcare remains the sector in which costs are highest. For the 12th year in a row it has led the pack, with breach costs in 2022 increasing nearly $1m to reach over $10m. The US remained the most expensive country, with average costs of $9.4m.

There were also interesting insights for CISOs in critical infrastructure organizations who may be considering zero trust strategies.

Some 80% of those surveyed from the sector said they haven’t adopted such approaches. This saw their breach costs increase by nearly $1.2m over those who did, to reach $5.4m.

There was also a word of warning for organizations who would pay their extorters if compromised by ransomware. Respondents who did saw only $610,000 less in average breach costs.

When the ransom itself is included, breach costs could be significantly more. The average cost of a ransom attack without the ransom payment was $4.5m.

Nearly half (45%) of recorded breaches occurred in the cloud, with those who had not yet formulated a security strategy or were in the early stages of doing so liable to pay on average $660,000 more than those with a mature cloud security posture.

Breaches seem inevitable: 83% of organizations studied said they’d suffered more than one. However, detection and response is getting better.

The average time to identify and contain a data breach fell from 287 days in 2021 to 277 days in 2022, a decrease of 3.5%. Organizations running XDR tooling saved a further 29 days.

The biggest cost saving identified in the report was use of security AI and automation technology – those organizations running it incurred $3m less on average in breach costs.

“Businesses need to put their security defenses on the offense and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks,” said Charles Henderson, global head of IBM Security X-Force.

“The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.”
