Data breach costs $4.3 million as companies pass costs on to customers

The average cost of a data security breach reached another record high of $4.35 million per incident, up 12.7% over the past two years. And some companies are passing those costs on to customers, even as the cost of products and services rises amid inflation and supply chain restrictions.

This year's figure rose 2.6% from last year's $4.24 million per breach, according to IBM's Cost of Data Breach 2022 report, which also revealed that 83% of companies surveyed have experienced more than one data breach. The report, conducted by the Ponemon Institute, analyzed 550 organizations across 17 global markets affected by data breaches between March 2021 and March 2022.

Only 17% said this was their first breach. In addition, 60% said they raised the price of their products and services due to the losses they suffered from the data breach. They also continued to take losses long after the breach, with nearly half of those costs incurred more than a year after the incident.

Organizations in the United States had the highest average cost per breach, increasing by 4.3% to $9.44 million, followed by the Middle East with an average cost of $7.46 million this year, up from $6.93 million in 2021. Canada, the United Kingdom, and Germany rounded out the top five, with losses averaging $5.64 million, $5.05 million and $4.85 million per breach, respectively.

Six of the 17 markets analyzed, including Japan, South Korea, and France, experienced a decrease in their average breach cost.

Supply chains, user credentials fuel attacks

Across the board, companies took an average of 207 days to identify the breach and 70 days to contain the breach, down overall from last year’s average of 212 days to identify the breach and 75 days to contain the breach.

About 19% of the breaches were the result of supply chain attacks, costing an average of $4.46 million and recording a lifecycle 26 days longer than the global average of 277 days, which measures the combined time to identify and contain a data breach. These supply chain breaches were caused by a business partner being the initial point of compromise.

Human errors, which included negligent acts by employees or outside contractors, accounted for 21% of the incidents, while IT failures – the result of downtime or failures in the company's IT systems resulting in data loss – were behind 24% of the breaches. The latter included errors in source code or process failures, such as errors in automated communication.

About 11% of the breaches were ransomware attacks, up from 7.8% last year and with a 41% growth rate, but the average cost of such attacks has fallen slightly to $4.54 million from $4.62 million in 2021.

The report found that attacks using stolen or compromised credentials remained the most common cause of data breaches, accounting for 19% of all incidents this year. Breaches from stolen or compromised credentials cost an average of $4.5 million per incident and had the longest lifecycle, at 243 days to identify and 84 days to contain the breach.

Phishing was the second most common cause of data breaches, accounting for 16% of all attacks, but it was the most costly with an average of $4.91 million in losses.

Among sectors, healthcare suffered a record-high average cost of $10.1 million, an increase of nearly $1 million over 2021, and kept its ranking as the most expensive industry. In fact, the sector's breach costs are up 41.6% since 2020.

The financial services sector had the second highest average breach cost with $5.97 million, followed by the pharmaceutical, technology and energy sectors with $5.01 million, $4.97 million and $4.72 million, respectively.

The average cost of a breach for organizations managing critical infrastructure was $4.82 million, which is $1 million more than the average cost for organizations in other sectors. Critical infrastructure companies were from sectors including financial services, energy, transportation, healthcare, and government.

Among these organizations, 28% experienced a destructive or ransomware attack, and 17% indicated that a supply chain partner was at risk.

Mitigating losses with security strategies

The IBM study also examined differences in the impact of a data breach between companies that adopted and did not adopt security strategies and technologies, such as zero-trust, extended detection and response (XDR) and artificial intelligence (AI).

The report indicated that nearly 80% of critical infrastructure enterprises without a zero-trust strategy saw a higher average breach cost of $5.4 million, or $1.17 million more than those that had adopted zero-trust frameworks. Across the board, 41% of organizations said they had deployed a zero-trust security framework, up from 35% last year, while the remaining 59% had not.

In addition, those that had deployed AI security and automation tools saw breach costs $3.05 million lower than peers that had not implemented any of these tools. Those peers also took 74 days longer to identify and contain the breach than organizations that had adopted AI and security automation technologies.

The number of organizations using such tools reached 70% this year, up from 59% in 2020.

In addition, the 43% of companies that were in the early stages of deploying, or had not yet deployed, security practices across their cloud platforms saw losses at least $660,000 higher on average than those with mature cloud security environments.

About 44% of the breaches in the study occurred in the cloud, with those occurring in a hybrid cloud environment costing an average of $3.8 million, compared to $4.24 million for breaches in private clouds and $5.02 million in public clouds.

At an average of $4.99 million per incident, breaches related to remote work also cost nearly $1 million more than breaches where remote working was not a factor.

About 44% of companies had implemented XDR technologies and experienced breach lifecycles that were about a month shorter, on average, than those of peers that did not deploy such tools, which took 304 days to identify and contain the breach.

Among the organizations that were hit by ransomware attacks, those that paid the ransom reported breach costs $610,000 lower, excluding the cost of the ransom, than those that chose not to pay.

Additionally, the 62% of companies that said they did not have enough employees to support their cybersecurity needs saw breach costs an average of $550,000 higher than those that were sufficiently staffed.
