Cost of data breaches reaching all-time highs, IBM finds

July 28, 2022

A study by IBM Security has found that the global average cost of a data breach has hit a new high of $4.35m.

The study – which was conducted in partnership with the Ponemon Institute – found that global average breach costs climbed nearly 13% over the last two years with a huge 83% of organisations experiencing more than a single data breach.

The Cost of a Data Breach 2022 report studied around 550 companies impacted by data breaches between March last year and this year.

Security Week highlighted that the report notes there is a ‘haunting effect’ from the after-effects that linger after breaches with more than half of breach costs adding up more than a year after compromise.

The study called attention to costs borne by critical infrastructure organisations within average costs reaching $4.82m. Businesses in the financial services, industrial, energy, transportation, communication, healthcare, education and public sector industries were most heavily impacted by ransomware attacks.

In addition, the study found that about 20% of critical infrastructure firms suffered a breach due to a third-party business partner being compromised.

Of the 550 companies polled for the study, IBM said firms with fully deployed security AI and automation systems fared better, with breach costs about $3.05m less than breaches at organisations with no such defences.

IBM said, “Companies with fully deployed security AI and automation also experienced on average a 74-day shorter time to identify and contain the breach, known as the breach lifecycle, than those without security AI and automation – 249 days versus 323 days. The use of security AI and automation jumped by nearly one-fifth in two years, from 59% in 2020 to 70% in 2022.”

Of the firms who took part, the study found 60% of them did not deploy zero trust security measures, pushing up breach costs. For the 12^th year in a row, the study found that the healthcare industry had the highest average cost of breach, while the financial services industry had the second.

The study also found that organisations that fell victim to ransomware attacks did not reduce costs significantly, even after paying ransom demands to retrieve valuable data.