According to the annual IBM report released on Wednesday, the average data breach cost has risen to an all-time high of $4.35 million in 2022, an increase of 2.6% from $4.24 million in 2021.
The report's findings are based on an analysis of real-world data breach incidents experienced by 550 organizations globally, between March 2021 and March 2022. IBM has been studying data breaches in the U.S. for the past 17 years.
Top findings from the IBM report
As per the study, 83% of the organizations studied have experienced a breach more than once in their lifespan.
Lacking the Zero-Trust model: Nearly 80% of critical infrastructure organizations analyzed lacked zero-trust strategies, and their average breach cost rose to $5.4 million. That is $1.17 million more than for organizations that have implemented the zero-trust model.
Paying a ransom isn’t helping: Ransomware victims who opted to pay the ransom witnessed only $610,000 less in average breach costs when compared to those that chose not to pay.
Insecure cloud infrastructure: A total of 43% of organizations have not implemented security practices across their cloud environments, resulting in a $660,000 increase in breach costs compared to those with excellent cloud security.
Another concerning observation—also becoming a trend—is that close to 50% of breach costs borne by a victim organization occur a year after the cyberattack.
Other key insights
For the studied organizations, ransomware and damaging cyberattacks together account for 28% of breaches.
The most frequent source of a breach is still compromised credentials (19%), followed by phishing (16%), which was the most expensive with an average cost of $4.91 million.
Financial services, industrial, transportation, and healthcare sectors were among the most impacted by cyberattacks leading to data breaches.
The average breach cost in the healthcare sector has increased by nearly $1 million to reach $10.1 million between 2021 and 2022.
The average data breach lifecycle (the time to identify and contain the breach) for a supply chain compromise has increased to 303 days, as opposed to the global average of 277 days.
Identifying the gap
Businesses need to prioritize thorough testing of incident response playbooks to reduce the impact of these cyberattacks.
Unfortunately, the report states that as many as 37% of the studied organizations have incident response plans but don’t test them regularly.
About 62% of the organizations studied stated that they are understaffed. These organizations incur an average of $550,000 more in data breach costs than sufficiently staffed businesses.
The share of organizations deploying zero-trust has grown from 35% in 2021 to 41% in 2022.
Organizations that have implemented security AI and automation have incurred $3.05 million less in average data breach costs than those that have not automated their security.
Strategies and Solutions
The global average cost of mitigating a data breach has reached an all-time high, and it keeps getting worse year on year. From increasingly adopting zero-trust infrastructure to leveraging threat intel services, organizations can take many steps to parry a threat. The Global Head of IBM Security X-Force noted that more “businesses need to put their security defenses on the offense and beat attackers to the punch.” According to him, businesses, rather than trying to perfect their methods, should invest in detection and response, which is likely to reduce the number of breaches.