According to the recently released 2022 Cost of a Data Breach Report, the average cost of a data breach hit an all-time high of $4.35 million this year, an increase of 2.6% from a year earlier and 12.7% since 2020.
For the first time, new research in the report this year reveals that 83% of the organizations in the survey have experienced more than one data breach, while only 17% claimed that this was their first data breach. Additionally, businesses that have had breaches have passed on additional costs to customers at a time when inflation is on the rise. According to the study, 60% of organizations reported raising prices for goods and services in response to breach losses.
These are only a few of the many conclusions drawn from the study of 550 businesses from different industries and regions that suffered a data breach between March 2021 and March 2022. The Cost of a Data Breach Report, now in its 17th year and based on research independently conducted by Ponemon Institute and analysis by IBM Security, is one of the top benchmark reports in the security sector. It gives IT, security, and business leaders a perspective on the risk variables that could raise the price tag for a data breach and the security procedures and tools that could lessen security risk and monetary losses.
Since 2020, there has been a roughly one-fifth increase in the usage of security AI and automation, and cost reductions from these two factors were the highest of all factors examined.
With an 18.6% growth rate, the proportion of enterprises using security AI and automation increased from 59% in 2020 to 70% in 2022. Costs associated with breaches were $3.05 million lower at organizations using security AI and automation when 31% of those organizations claimed that these technologies are “completely deployed.” The average cost of a data breach at an enterprise without security AI and automation was $6.2 million, while the average cost was $3.15 million at an organization with security AI and automation completely implemented.
Another indicator, that of time, indicates the ROI of security AI and automation. Security AI and automation significantly reduced the time it took to detect and contain a data breach while also lowering costs (i.e., the breach lifecycle). The average lifecycle of a data breach was 74 days shorter with those technologies fully implemented than it was with no security AI and automation.
IBM offers SOAR solutions to assist organizations to speed up incident response through automation, standardized procedures, and integration with already-existing security systems. These capabilities enable a more dynamic response by giving security personnel the intelligence to react and the direction they need to quickly and effectively handle problems.
Costs associated with healthcare breaches increased to $10.1 million, the highest average cost of any industry for the 12th consecutive year.
According to PwC, healthcare inflation in the U.S. has increased by 6% to 7% since 2020, but costs associated with data breaches have increased by a much wider margin. Costs associated with breaches in the healthcare sector increased 42%, from $7.13 million in 2020 to $10.10 million in 2022. For the past 12 years running, the healthcare sector has had the highest expense.
In 2022, more companies will use zero trust than in 2021, saving around $1 million in costs.
The paper examined the effect of a zero trust security architecture on the typical cost of a data breach for the second consecutive year. From 35% in 2021 to 41% in 2022, more organizations deployed a zero trust architecture. The average breach cost for the other 59% of the organizations analyzed in the 2022 research that does not use zero trust was $1 million higher than for those that do. The cost reductions were around $1.5 million higher for firms with a mature zero trust deployment than for those who were just starting with the program, though.
In 2022, ransomware and damaging assaults cost more than the typical breach, and the proportion of breaches containing ransomware increased by 41%.
The research started examining the price of ransomware and harmful assaults last year. Compared to the global average of $4.35 million, the average cost of a destructive attack climbed from $4.69 million to $5.12 million in 2022, while the average cost of a ransomware attack decreased somewhat from $4.62 million to $4.54 million. Ransomware now accounts for 11% of breaches, up from 7.8% in 2021 and a growth rate of 41% in 2022.
The average cost savings due to incident response teams and routinely evaluated incident response plans was $2.66 million.
The two most efficient strategies to reduce the cost of a data breach were to create an incident response (IR) team and to thoroughly test the IR plan. However, 37% of the organizations in the study with IR policies don’t usually test their plan. Businesses must regularly test their IR strategies through tabletop exercises or by staging a breach in a controlled setting, like a cyber range.
The 2022 study made research history by presenting several novel findings that illustrated how elements such as supply chain compromises, key infrastructure, and the skills gap impacted the cost of a breach. The study also looked at how cloud security and extended detection and response (XDR), two security technologies, affected breach expenses. Some of these results are listed below.
An average critical infrastructure data breach cost $4.82 million.
For the critical infrastructure enterprises under study, the average cost of a data breach was $4.82 million, which was $1 million more than the average cost for businesses in other industries. The financial services, industrial, technology, energy, transportation, communication, healthcare, education, and public sector businesses all had critical infrastructure organizations. A destructive or ransomware attack affected 28% of critical infrastructure organizations, while a breach brought on by a compromised business partner affected 17% of those organizations.
Although 45% of breaches happened in the cloud, hybrid cloud solutions have lower breach costs.
In the analysis, the cloud was the site of 45% of breaches. The average cost of a hybrid cloud environment breach was $3.80 million, as opposed to $4.24 million for private cloud breaches and $5.02 million for public cloud breaches. Additionally, organizations using a hybrid cloud model experienced shorter breach lifecycles than those using only a public or private cloud approach. Compared to public cloud adopters, hybrid cloud adopters needed 48 fewer days to find and stop a breach.
By roughly a month, breach lifecycles were shortened thanks to XDR technologies.
Response times were significantly improved for the 44% of organizations using XDR technologies. Compared to organizations that didn’t use XDR, those that did had data breach lifecycles that were, on average, 29 days shorter.
The average cost and duration of a data breach can be greatly decreased with the use of XDR capabilities. Utilizing, for instance, IBM Security QRadar XDR’s unified workflow across products, enterprises were able to identify and eliminate threats more quickly.
Organizations had to pay more than half a million dollars in expenditures related to data breaches because of the skills gap.
Only 38% of the firms in the research said that their security team had enough personnel. The cost of a data breach was $550,000 more expensive for organizations with understaffed security teams than for those with properly staffed security teams due to this skills gap.
A supply chain compromise accounted for nearly one-fifth of breaches, costing more and requiring more time to contain.
In recent years, some significant assaults have attacked organizations via the supply chain, for example, when suppliers or business partners were compromised and allowed the breach to occur. Supply chain attacks made up 19% of breaches in 2022, costing $4.46 million on average, somewhat more than the global average. The average lifecycle of supply chain compromises was 26 days longer than the global average lifecycle.
Organizations can use the abundance of information in the Cost of a Data Breach Report to better assess potential financial risks and set benchmark charges based on a range of factors. Additionally, the paper offers suggestions for security best practices based on an analysis of the research by IBM Security.
Want to know more about IBM Security? Visit our course now.
In the whole report, there is more to investigate, such as:
Ready to protect your business? Gain valuable insights from the 2022 data breach cost report and take proactive steps to safeguard your sensitive information. Just click here.
Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.
For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com