IBM’s latest “Cost of a Data Breach” report reveals alarming increases

The global average total cost of a data breach increased from US$110,00 to US$4.35 million in 2022, the highest it’s been in the history of IBM’s report.
31 August 2022

Here are some alarming stats from IBM’s latest “Cost of a Data Breach” report.

  • Data breach costs increased nearly 13% over the last two years, suggesting these incidents may also be contributing to rising costs of goods and services.
  • In another shocking revelation, almost 80% of critical infrastructure organizations studied don’t adopt zero trust strategies.
  • 45% of studied breaches occurred in the cloud.
  • Compromised credentials continued to reign as the most common cause of a breach (19%), but phishing was the costliest cause.

We are currently living in an era where substantial assets and the value of organizations are manifested in digital form — leaving most of us deeply connected to global technology networks. That means there are more sophisticated cyberattacks that are highly adaptable to defenses. In fact, IBM Security recently highlighted that the impact of data breaches is getting costlier each year, with the global average cost of a data breach reaching an all-time high of US$4.35 million in 2021.

IBM Security released its annual Cost of a Data Breach report last month and it revealed that data breach costs have increased nearly 13% over the last two years of the report. What is more surprising is that the findings suggest these incidents may also be contributing to rising costs of goods and services. “In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues,” the security software arm of IBM noted.

Average total cost of a data breach. Source: IBM

To top it off, the IBM report found 83% of the organizations studied have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach. “The perpetuity of cyberattacks is also shedding light on the ‘haunting effect’ data breaches are having on businesses,” IBM Security said.

The 2022 Cost of a Data Breach report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. While the research was sponsored and analyzed by IBM Security, it was conducted by the Ponemon Institute.

The what and whys of the Cost of Data Breach report

While it is commonly known that phishing scams have been on the rise since the pandemic, IBM highlighted that they are also the costliest cause of breaches. “While compromised credentials continued to reign as the most common cause of a breach (19%), phishing was the second (16%) and the costliest cause, leading to US$4.91 million in average breach costs for responding organizations,” the report noted.

Healthcare, a sector that has also been a target since the pandemic, has recorded a double-digit data breach cost for the first time ever. “For the 12th year in a row, healthcare participants saw the costliest breaches among industries, with average breach costs in healthcare increasing by nearly US$1 million to reach a record high of $10.1 million,” the report shows.

Average cost of a data breach by industry.
Source: IBM

While zero trust strategies have been highly recommended by experts, the IBM study found that critical infrastructure still lags in adopting zero trust. Almost 80% of critical infrastructure organizations studied have yet to adopt zero trust strategies, seeing average breach costs rise to US$5.4 million – a US$1.17 million increase compared to those that do, while 28% of breaches among these organizations were ransomware or destructive attacks.

Despite the call for caution, and a year after the Biden Administration issued a cybersecurity executive order that centers around the importance of adopting a zero trust approach to strengthen the nation’s cybersecurity, only 21% of critical infrastructure organizations studied have adopted a zero trust security model, according to the report. 

It is fair to note that the report highlights that 45% of studied breaches occurred in the cloud, emphasizing the importance of cloud security. “However, a significant 43% of reporting organizations stated they are just in the early stages or have not yet started implementing security practices to protect their cloud environments, observing higher breach cost,” IBM said. 

The report added that businesses that did not implement security practices across their cloud environments would require an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains. As expected, among the most common reasons for an increasing number of breaches is insufficient security staffing. 

IBM found that 62% of studied organizations said they are not sufficiently staffed to meet their security needs, averaging US$550,000 more in breach costs than those that were sufficiently staffed. In contrast, security AI and automation is seen as a multi-million-dollar cost saver among the businesses studied.

“Participating organizations fully deploying security AI and automation incurred US$3.05 million less on average in breach costs compared to those that have not deployed the technology – the biggest cost saver observed in the study,” IBM concluded.