Cost of data breach reaches $4.35 mn: IBM Security

The global average cost of a data breach reached an all-time high of $4.35 million, IBM Security revealed in its annual Cost of a Data Breach Report.
Breach costs increased nearly 13 percent over the last two years. The findings suggest these incidents may be contributing to rising costs of goods and services. 60 percent of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.

https://www.ibm.com/security/data-breach

The IBM report said 83 percent of studied organizations have experienced more than one data breach in their lifetime.

The report is based on analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.

Almost 80 percent of critical infrastructure organizations studied don’t adopt zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. Meanwhile, 28 percent of breaches amongst these organizations were ransomware or destructive attacks.
Ransomware victims that opted to pay threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.

43 percent of organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments.

Organizations deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.

The report also showcased hybrid cloud environments as the most prevalent (45 percent) infrastructure amongst organizations studied. Averaging $3.8 million in breach costs, businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average respectively. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.

The report highlights that 45 percent of studied breaches occurred in the cloud, emphasizing the importance of cloud security. However, a significant 43 percent of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs. Businesses studied that did not implement security practices across their cloud environments required an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains.

While compromised credentials continued to reign as the most common cause of a breach (19 percent), phishing was the second (16 percent) and the costliest cause, leading to $4.91 million in average breach costs for responding organizations.

For the 12th year in a row, healthcare participants saw the costliest breaches amongst industries with average breach costs in healthcare increasing by nearly $1 million to reach a record high of $10.1 million.

62 percent of organizations are not sufficiently staffed to meet security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed.