The record-breaking average cost of a data breach

The global ‘DataSphere‘ continues its exponential growth, with more data being created, captured, and replicated than ever before in history. Consequently, it seems logical that organizations try harder to avoid data breaches and leaks, even if not all data is as important or sensitive.

And indeed: we have taken measures and continue to. Data management has become more important, we invest more in data protection, and our cybersecurity strategies evolve as attempts to get to our systems and data become more complicated while the enterprise attack surface continues to grow.

Frequency and average cost of the most common attack vectors causing the breaches, including stolen credentials (19%, $4.5 million), phishing (16%, $4.91 million) and cloud misconfiguration (15%, $4.14 million) – 2022 Cost of a Data Breach Report

Cybersecurity and data protection can’t be an afterthought in an ever more digital economy with an evolving data and threat landscape. We all know it. Right? Moreover, don’t data remain the cornerstone of digital transformation and digitalization, and hasn’t data been called “the new oil” (and more) by many for years?

2022 cost of a data breach report

And, last but certainly not least, isn’t the average data breach cost, taking into account all aspects, really huge? Like something you really want to avoid at all, well, costs?

The evolution of data breach costs – some findings

According to the 2022 edition of IBM’s ‘Cost of a Data Breach’ report, conducted by Ponemon Research, the cost of data breaches indeed hasn’t gone down; well on the contrary.

The seventeenth edition of the ‘Cost of a Data Breach’ report (conducted across seventeen industries in seventeen countries), in fact, shows ‘costlier and higher-impact data breaches than ever before‘.

Organizations that have implemented a zero trust architecture have an average of USD 1 million less in breach costs.

Per the report, the global average data breach cost has even reached a new record high of a whopping $4.35 million, meaning that data breach costs surged 13 percent from 2020 to 2022.

83 percent of organizations have experienced more than one breach while 60 increased prices as a result of a breach - source and courtesy IBM Cost of a Data Breach Report 2022
83 percent of organizations have experienced more than one breach while 60 increased prices as a result of a breach – source and courtesy IBM Cost of a Data Breach Report 2022

The in-depth analysis of the real-world data breaches the report is based on also shows the lingering cost impact of data breaches on organizations confronted with them. Per the IBM and Ponemon Institute report, almost half of all data breach costs are incurred more than a year after the breach.

Data breaches are most often caused by stolen credentials, phishing, and cloud misconfiguration per the report (respectively 19, 16 and 15 percent).

Sixty-two percent of studied organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed – 2022 Cost of a Data Breach Report

You pick up the bill for the cost of data breaches too

It also looks like the costs of the increasingly widespread, impactful, and expensive data breaches that organizations see themselves confronted with partly end up on the consumer’s bill.

Healthcare breach costs surged to $10.1 million, the highest average cost of any industry for 12th year in a row.

According to the report, around sixty percent of the companies studied raised the prices of products and/or services due to a data breach. And this while the inflation and supply chain challenges that companies are facing already lead to increasingly higher costs across the globe, as we all feel.

Extended detection and response (XDR) technologies helped save an average of 29 days in breach response time.

Still, we cannot say that companies are doing everything possible to prevent data breaches or limit their average costs. Maturity in terms of data protection and cybersecurity is still woefully low in some areas. For example, it appears that nearly eighty (80!) percent of the critical infrastructure organizations surveyed do not employ “zero trust” strategies.

And that alone is a pretty saddening finding if we read that the average cost of a data breach rises to $5.4 million in companies without a zero trust strategy, compared to those that apply one and see an average data breach cost of $1.17 million less than the former.

83% of studied organizations have experienced more than one data breach in their lifetime

An interesting finding for those who maybe don’t care too much about cyberthreats from digital ecosystems yet or aren’t too concerned about the rise of supply chain attacks and third-party cyber risks: 19 percent of breaches the report looked at occurred because of a compromise at a business partner.

By comparison: 11 percent were ransomware attacks while stolen or compromised credentials were the primary attack vector.

Download the full report (registration required).