IBM Report Reveals Top Data Breach Trends as Costs Hit All-Time High

IBM Security has released its 2022 Cost of Data Breach Report. The global median cost of a data breach for surveyed organizations hit an all-time high of $4.35 million, revealing more costly and serious data breaches than ever before. The cost of security breaches has increased by nearly 13% over the past two years of the annual report, and the findings suggest these incidents may also be contributing to rising costs of goods and services, with consumers paying the price. In fact, 60% of the companies surveyed have raised the price of their products or services as a result of a breach, at a time when inflation and supply chain problems have already caused the cost of goods to skyrocket around the world.

Persistent cyberattacks also shine a light on the “high impact” of data breaches on organizations, with IBM reporting that 83% of surveyed organizations experienced two or more data breaches in their lifetime. Another factor that grows over time is the aftermath of security breaches at these organizations, which persists long after they occur: about 50% of breach costs are incurred more than a year after the breach.

The 2022 Cost of Data Breach Report is based on an in-depth analysis of actual data breaches experienced by 550 organizations around the world between March 2021 and March 2022. The research was sponsored and analyzed by IBM Security and conducted by the Ponemon Institute. Seven of the key findings of the 2022 IBM report are:

  • Critical infrastructure lags on Zero Trust: Nearly 80% of critical infrastructure organizations surveyed do not have a Zero Trust strategy, with the average cost of a security breach rising to $5.4 million. The report also found that 28% of security breaches at these organizations involved ransomware or destructive attacks.
  • It doesn’t pay to pay: In this study, ransomware victims who chose to pay the attacker’s ransom demand saw an average security breach cost that was just $610,000 less. Considering the high cost of paying the ransom, the financial burden could be even greater, suggesting that simply paying the ransom may not be an effective strategy.
  • Phishing is the most costly cause of data breaches: While credential compromise remains the most common cause of data breaches (19%), phishing is the second most common (16%) and the most costly cause of data breaches.
  • Healthcare data breach costs hit double digits for the first time: For the 12th year in a row, the healthcare industry experienced the most expensive data breaches of any industry. The average cost of a healthcare data breach increased by almost $1 million to a record high of $10.1 million.
  • Inadequate security staffing: 62% of organizations surveyed report that they are understaffed to meet their security needs, and a security breach costs them an average of $550,000 more than organizations reporting adequate staffing.
  • Security immaturity in the cloud: 43% of surveyed organizations are in the early stages or have not yet started implementing security practices in cloud environments. Their security breach costs are, on average, over $660,000 higher than those of surveyed organizations with mature security across their cloud environments.
  • Security AI and automation lead to cost savings of millions of dollars: Participating organizations that fully deployed security AI and automation saw security breach costs that were $3.05 million less on average than those of surveyed organizations that had not deployed the technology.

“Companies must take security measures against attacks and defeat attackers. The time has come to stop opponents from achieving their goals and minimize the impact of attacks,” said IBM Security X-Force Global Head Charles Henderson. “This report shows that when an organization is under attack, the right strategy combined with the right technology can make all the difference. It shows what it can do.”

Over-trusting Critical Infrastructure Organizations

Concern about attacks targeting critical infrastructure seems to have increased globally over the past year, with many government cybersecurity agencies urging vigilance against destructive attacks. In fact, according to IBM’s report, ransomware and destructive attacks accounted for 28% of breaches in the critical infrastructure organizations surveyed, highlighting how attackers are trying to disrupt the global supply chains that depend on these organizations. These include financial services, industrial, transportation, and healthcare companies.

Despite the warnings, and a year after the Biden administration issued a cybersecurity executive order highlighting the importance of adopting a zero trust approach to bolstering the nation’s cybersecurity, only 21% of critical infrastructure organizations say they have adopted a Zero Trust security model, the report states. Additionally, 17% of security breaches in critical infrastructure organizations are attributed to a business partner being breached first, highlighting the security risks posed by an over-trusting environment.

Businesses that Pay the Ransom Aren’t Getting a “Bargain”

According to IBM’s 2022 report, companies that paid the attacker’s ransom saw an average of $610,000 less in security breach costs (excluding the ransom paid) compared to those that chose not to pay. Considering that the average ransom payment reached $812,000 in 2021, according to Sophos, businesses that choose to pay the ransom could see a higher total cost. Paying could also inadvertently fund future ransomware attacks with capital allocated for remediation and recovery, and could amount to a possible federal crime.

The persistence of ransomware, despite global efforts to prevent it, is being accelerated by the industrialization of cybercrime. IBM Security X-Force found that the duration of ransomware attacks against organizations has decreased by 94% over the past three years, down from more than two months to just under four days.

These exponentially shorter attack lifecycles can lead to more impactful attacks because cybersecurity incident responders have very little time to detect and contain an attack. With the time to ransom reduced to hours, it is important for organizations to prioritize rigorous testing of their incident response (IR) playbooks in advance. However, according to the report, up to 37% of surveyed organizations with incident response plans in place do not test them regularly.

Hybrid Cloud Advantage

The report also highlights hybrid cloud environments as the most prevalent (45%) infrastructure among surveyed enterprises. With an average breach cost of $3.8 million, companies with a hybrid cloud model recorded lower breach costs than those with a pure public or private cloud model, which averaged $5.02 million and $424 million respectively. In fact, hybrid cloud users surveyed were able to detect and contain a data breach an average of 15 days earlier than the global average of 277 days for participants.

The report notes that 45% of the security breaches studied occurred in the cloud, underscoring the importance of cloud security. However, a whopping 43% of reporting organizations said they were in the early stages or had not yet started implementing security measures to protect their cloud environments, and they observed higher security breach costs. Organizations surveyed that did not implement security practices across their cloud environments took an average of 108 days longer to identify and contain a data breach than organizations that consistently applied security practices across their domains.
