July 27, 2022
Average global data breach costs have hit an all-time high.
The cost of a data breach has hit a global high of $4.35 million on average, with consumers ultimately paying the price for these cyberattacks, according to a new report by IBM Security.
IBM’s annual “Cost of a Data Breach Report” revealed that data breach costs have risen by 13% over the last two years, with 83% of organizations having been attacked at least once in their history.
What’s more is that nearly 50% of the breach costs is incurred more than a year after the attack.
Data breach costs include stolen customer credentials, loss of clients, work disruptions, declines in the victim company’s stock price, regulatory penalties, legal expenses, among others.
So what do companies do? Six out of 10 enterprises chose to pass them along to consumers in the form of higher prices for goods and services – at a time when global inflation is rising.
Phishing attacks comprised the costliest breach, with victims incurring costs of nearly $5 million on average. Health care organizations saw the costliest breaches amongst industries with average breach costs increasing by nearly $1 million to reach a record high of $10 million.
IBM’s report analyzed data breaches at 550 organizations globally between March 2021 and March 2022. The research was sponsored and analyzed by IBM Security and conducted by the Ponemon Institute.
AI, zero trust and cloud lower breach costs
One mitigating factor is AI. Enterprises that embed AI technologies into their security systems see $3 million in average cost savings compared to those that do not. IBM said this is the “largest cost savings” in the study.
Moreover, companies that use security AI and automation were able to more quickly identify and contain the breach: an average of 74 days faster than enterprises that did not. Currently, 70% of organizations use AI in cybersecurity, up from 59% in 2020.
Zero trust − strategies that trust nothing and no one, with systems continuously validating every stage of an interaction – also help bring breach costs down. But only 41% of companies surveyed has deployed a zero trust security architecture; the rest incurred breach costs that are $1 million higher on average.
Among critical infrastructure organizations, almost 80% do not adopt zero trust strategies, with average breach costs of $5.4 million – or $1.2 million higher than those that do. These are organizations in financial services, industrial, technology, energy, transportation, communication, health care, education and the public sector.
The report also found that 43% of organizations either have not applied security tools to their cloud systems or are only just beginning to explore the idea. Companies with no cloud tools face on average $660,000 in higher breach costs than those with mature security across their cloud environments.
“This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked,” said Charles Henderson, global head of IBM Security X-Force, in a statement.
IBM’s report comes at a time when cyberattacks have become increasingly commonplace, with ransomware leading the trend.
Security company Trend Micro detected and blocked more than 4.4 million ransomware threats in the first quarter of 2022 alone − up 37% from the previous quarter. Notable breaches in the past year include attacks on the San Francisco 49ers, Lincoln College and Italy’s tax agency.
Russia’s invasion of Ukraine has added fuel to the growing cyberattack fire. On the eve of the invasion, Kremlin-linked hackers shut down Viasat modems across not only Ukraine but all over Europe. Cybersecurity firm SentinelOne found several Russian-originating Wiper attacks targeting satellite internet modems in both Ukraine and Germany.