Data breach costs reach all-time high
By Adam FreillConstruction Health & Safety Risk Management
Most breached businesses raised product prices post-breach; vast majority of critical infrastructure lagging in zero trust adoption.
The global average cost of a security data breach has reached an all-time high of $4.35 million US, reports IBM Security. That’s an increase of nearly 13 per cent over the past two years. In US-dollars, the top five countries and regions for the highest average cost of a data breach were the United States at $9.44 million, the Middle East at $7.46 million, Canada at $5.64 million (C$7.26 million), the United Kingdom at $5.05 million and Germany at $4.85 million.
In the most recent edition of its annual Cost of a Data Breach Report, IBM Security suggests these incidents may also be contributing to rising costs of goods and services. In fact, 60 per cent of studied organizations raised their product or services prices due to a breach.
The perpetuality of cyberattacks is also shedding light on the “haunting effect” data breaches are having on businesses. The IBM report found that 83 per cent of organizations in their research have experienced more than one data breach in their lifetime, and nearly half of breach costs are incurred more than a year after the breach.
Some of the key findings about critical infrastructure organizations in the 2022 IBM report include the fact that almost 80 per cent have not adopted zero-trust strategies. These organizations experienced average breach costs roughly 20 per cent higher than the general average, and 28 per cent of breaches amongst these organizations were ransomware or destructive attacks.
Of note is that ransomware victims in the study that opted to pay threat actors’ ransom demands only saw reduction of $610,000 US in average breach costs compared to those that chose not to pay, not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.
Overall, 43 per cent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, which brought higher average breach costs than organizations with mature security across their cloud environments.
Organizations that fully deploy security AI and automation incurred $3.05 million US less, on average in breach costs, compared to organizations that have not deployed the technology. This was the biggest cost saver observed in the study.
“Businesses need to put their security defenses on the offense and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks,” said Charles Henderson, global head of IBM Security X-Force. “The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.”
While compromised credentials continued to reign as the most common cause of a breach (19 per cent), phishing was the second (16 per cent) and the costliest cause, leading to $4.91 million US in average breach costs.