Data breach costs hit a record high in 2022

According to IBM's 2022 research, the average cost of a data security breach has reached a new high of $4.35 million, and 60% of companies have chosen to raise the price of their goods and services to offset the loss caused.

The average cost of a data security incident has increased by 12.7% over the last two years to $4.35 million, a new record high. Additionally, some companies are shifting the pressure on the customers with raised prices, on top of the increase due to supply chain issues and inflation.

The IBM 2022 Cost of Data Breach research also indicated that 83% of the companies questioned had experienced more than one data breach, bringing the total up 2.6% from last year's $4.24 million per breach. The Ponemon Institute analyzed 550 organizations affected by data breaches between March 2021 and March 2022 across 17 geographic markets.

Only 17% claimed that this was their first breach. Additionally, 60% reported raising the price of their goods and services due to the losses incurred due to the data breach. Additionally, they kept recording losses long after the hack, with nearly half of these expenses occurring more than a year after.

The average breach cost for US-based businesses increased 4.3% to $9.44 million, making it the highest in the world. The Middle East region came in second with an average cost of $7.46 million, up from $6.93 million in 2021. Germany, the UK, and Canada completed the top five, with average losses per breach of $5.64 million, $5.05 million, and $4.85 million, respectively.

Six of the 17 markets examined—including Japan, South Korea, and France—saw a decrease in their average breach costs.

Human errors and weak supply chains

Companies took an average of 207 days to find the breach and 70 days to stop it, down from the average of 212 days to find the breach and 75 days to stop it last year.

A supply chain attack was responsible for about 19% of breaches, costing an average of $4.46 million and taking 26 days longer to uncover and contain than the global average of 277 days. A business partner was the initial point of compromise for supply chain intrusions.

A company's IT systems failing or being disrupted, which resulted in data loss, was the cause of 24% of breaches. At the same time, human errors, which included careless acts of workers or outside contractors, accounted for 21% of occurrences. The latter includes process problems such as automatic communication faults or mistakes in source programs.

Ransomware assaults accounted for 11% of breaches, up from 7.8% last year and growing at a pace of 41%, but their average cost decreased slightly from $4.62 million in 2021 to $4.54 million this year.

According to the research, attacks using stolen or compromised credentials continued to be the most frequent reason for a data breach, accounting for 19% of all instances this year. The longest lifecycle of 243 days to identify and 84 days to contain the breach was experienced by breaches caused by stolen or compromised credentials, which cost an average of $4.5 million each.

Phishing was the second-most typical cause of a data breach, accounting for 16% of all attacks, but it was also the most expensive, with damages averaging $4.91 million.

Healthcare set a record for the most expensive industry, with an average breach cost of $10.1 million, over $1 million higher than in 2021. In fact, since 2020, the cost of a breach in the sector has increased by 41.6%.

The average breach cost was $5.97 million in the financial services industry, $5.01 million in pharmaceuticals, $4.97 million in technology, and $4.72 million in energy, respectively.

The average breach cost for businesses managing vital infrastructures was $4.82 million, $1 million more than the average breach cost for businesses in other industries. Companies from the financial services, energy, transportation, healthcare, and government sectors comprised the critical infrastructure.

Among these organizations, 28% had been the target of a damaging or ransomware assault, and 17% identified a weak supply chain partner.

Innovative security measures

The IBM study examined the impact of data breaches on businesses that had and hadn't implemented security measures and technologies like extended detection and response (XDR), artificial intelligence, and zero trust (AI).

According to the report, over 80% of critical infrastructure organizations without a zero trust strategy experienced breaches that cost an average of $5.4 million, or $1.17 million more, than those who did. Overall, 41% of organizations reported having implemented a zero trust security framework, up from 35% the previous year, while the remaining 59% had not.

This year, 70% of organizations reported using such tools, up from 59% in 2020.

Furthermore, compared to businesses with established cloud security environments, 43% of those in the early phases of implementing security standards across their platforms had losses of at least $660,000.

A hybrid cloud environment accounted for 44% of breaches in the survey, with those incidents costing an average of $3.8 million, as opposed to $4.24 million for private cloud breaches and $5.02 million for public cloud breaches.

Breach incidents involving remote workers cost $4.99 million, about $1 million more than incidents where remote employment was not a role.

Compared to their peers who had not installed such tools, which took 304 days on average to discover and contain a breach, around 44% of organizations that had used XDR technology experienced shorter breach lifecycles of about a month.

Organizations that experienced ransomware attacks who paid the ransom incurred $610,000 less in breach expenses overall (excluding ransom) than those who did not.

Additionally, 62% of businesses reported having insufficient staff to handle their cybersecurity requirements, and these businesses had average breach costs of $550,000, greater than those of businesses with sufficient staff.