Highlights of IBM’s Cost of a Data Breach Report 2022

The IBM Cost of a Data Breach Report is out with new insights into how much data breaches cost businesses and consumers.

Here are some key findings the Ponemon Institute and IBM Security uncovered after analysing data from breaches experienced by 550 organisations around the world between March 2021 and March 2022.

Critical Infrastructure Organisations Low on Zero Trust

The report found that even though more organisations deploy zero trust in 2022 than in 2021, with cost savings of $1 million, a shocking 80% of the critical infrastructure organisations studied said they do not adopt a zero trust security model. This goes against current government advice and leaves them wide open to ransomware and other destructive attacks when the average cost of a breach has increased to $5.4 million – a worrying finding considering that any disruption in this sector has a negative impact on global supply chains.

Hybrid Cloud Better for Breaches

The research also shows clear benefits when it comes to hybrid cloud adoption and cybersecurity. Cloud environments are still one of the most targeted, experiencing 45% of all breaches. Still, encouragingly, organisations with hybrid cloud environments said they were able to identify and contain data breaches around 15 days faster than the global average of 277 days, with breaches costing an average of $3.80 million, compared to $4.24 million for breaches in private clouds and $5.02 million for breaches in public clouds.

Paying Ransoms Is Not the Answer

The study found that when ransoms were paid, the organisations only saw $630,000 less in average breach costs than those that did pay – not including the amount of ransom paid. Add this to the fact that paying isn’t a guarantee that your data won’t suffer loss and corruption and that you could incur penalties for paying cybercriminals in sanctioned countries, and there are more reasons to say no than there are to pay up. The findings suggest that organisations would do better to channel their resources into remediation and recovery instead.

Consumers are Paying the Price

83% of the businesses surveyed experienced more than one breach in their lifetime, with 60% of companies admitting to having to raise prices and pass on the cost of data breaches and ransomware attacks to customers.

The IBM Cost of a Data Breach Report also discovered that:

• XDR technologies helped reduce breach lifecycles by almost a month
• The skills gap cost organisations over half a million dollars in data breach costs
• Deploying security AI and automation equates to paying an average of $3.05 million less in data breach costs
• 62% of studied organisations are not sufficiently staffed to meet their security needs
• Healthcare breach costs rose to $10.1 million, the highest average cost of any industry for the 12th year in a row
• Compromised credentials were the most common cause of a breach, followed by phishing, which was the most costly at $4.91 million per breach.

Learn more about the report’s key findings and best practices you can implement to reduce your cyber risk by downloading the pdf.

Download Report