The latest report by IBM and Ponemon Institute reveals that the average total cost of a data breach reached an all-time high of USD 4.35 million in 2022, an increase of 2.6% from last year and a 12.7% increase from USD 3.86 million in 2020.
Healthcare breach costs have been the most expensive for the last 12 years, increasing by 41.6% since 2020. Healthcare breach costs hit a new record high with the average breach costs increasing by nearly USD 1 million to reach USD 10.10 million. Financial organizations had the second highest costs with an average of USD 5.97 million followed by pharmaceuticals at USD 5.01 million, technology at USD 4.97 million, and energy at USD 4.72 million.
Among countries and regions, the five with the highest average data breach costs are the United States at USD 9.44 million, the Middle East at USD 7.46 million, Canada at USD 5.64 million, the United Kingdom at USD 5.05 million, and Germany at USD 4.85 million. The United States has led the list for 12 years in a row. Meanwhile, the country with the fastest growth rate over last year was Brazil, with a 27.8% increase from USD 1.08 million in 2021 to USD 1.38 million in 2022.
Average data breach costs based on different organizations
83% of surveyed organizations experienced more than one data breach in the past year while 17% experienced their first data breach.
Critical infrastructure organizations
The average cost of a data breach for critical infrastructure organizations like financial services, industrial, technology, energy, transportation, communication, healthcare, education, and public sector industries was USD 4.82 million, USD 1 million more than the average cost for organizations in other industries.
Organizations with security AI and automation
The cost of data breaches in organizations with fully deployed security AI and automation was USD 3.05 million less than in organizations without security AI and automation deployment (USD 6.20 million). This 65.2% difference in average breach cost is the largest cost saving in the study. Security AI and automation adoption jumped by nearly one-fifth in two years, from 59% in 2020 to 70% in 2022, indicating that more organizations have started using these technologies owing to the benefits they offer.
Breaches due to ransomware, credential theft, and phishing
There was a 41% increase in ransomware attacks from 2021. However, the average cost of a ransomware attack decreased from USD 4.62 million in 2021 to USD 4.54 million in 2022. The cost of ransomware in 2022 was slightly higher than the overall average total cost of a data breach – USD 4.35 million. The most common cause of a data breach is the usage of stolen or compromised credentials followed by phishing. Stolen or compromised credentials incurred an average cost of USD 4.50 million while the costliest breaches were caused by phishing, averaging USD 4.91 million.
Zero trust architecture
Only 41% of surveyed organizations deployed a zero-trust security architecture. The remaining 59% of organizations incurred an average of USD 1 million in greater breach costs compared to those that deployed it. 79% of critical infrastructure organizations don't deploy zero trust and experienced an average cost of USD 5.40 million due to breaches.
Data breaches in the cloud
45% of breaches in the study took place in the cloud. Breaches occurring in a hybrid cloud environment cost an average of USD 3.80 million, compared to USD 4.24 million for breaches taking place in private clouds and USD 5.02 million in public clouds. There was a 27.6% cost difference between hybrid cloud breaches and public cloud breaches.
Businesses with IR plan
Businesses with incident response (IR) teams that tested their IR plan incurred lower average breach costs (USD 2.66 million) than organizations with no IR team and no IR plan testing. Almost 75% of surveyed organizations had an IR plan, while 63% of them regularly tested the plan. Having an IR team and a regularly tested IR plan led to significant cost savings.
Businesses with XDR technologies
Extended detection and response (XDR) technologies were implemented by 44% of organizations, and these organizations benefited from considerable advantages in response times, with a shortened breach lifecycle of about a month.
Image and source credits: IBM