IBM Security has released its annual Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations.
With breach costs increasing nearly 13 percent over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60 percent of studied organizations raised their product or services prices due to the costs of a breach.
The IBM report finds that 83 percent of studied organizations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50 percent of breach costs are incurred more than a year after the breach.
The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.
Other key findings in the 2022 report include:
- Critical infrastructure lags in zero trust – almost 80 percent of critical infrastructure organizations studied don't adopt zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. 28 percent of breaches amongst these organizations were ransomware or destructive attacks.
- It doesn't pay to pay – ransomware victims in the study that opted to pay threat actors' ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.
- Security immaturity in clouds – 43 percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments.
- Security AI and automation leads as multi-million dollar cost saver – participating organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.