IBM’s annual Cost of a Data Breach report 2022 has revealed that data breaches are costlier and have a more significant impact than ever before.
This year’s report surveyed 550 global businesses and found that the average cost of a data breach is $4.35 million, an all-time high. Last year’s figure was $4.24 million, while 2020’s report highlighted an average data breach cost of $3.86 million.
IBM’s report focuses on the cost to businesses in financial terms, but there are widespread impacts on consumers, too. The direct results of data breaches, like consumers’ data being at risk, may be obvious, but there’s also a significant passive impact. For example, IBM’s report revealed that 60% of businesses said they had increased the price of their products or services in the past 12 months as a direct reaction to a data breach.
If a business suffers one data breach, it’ll probably suffer another
IBM’s report also found that repeated data breach incidents were common, with 83% of companies reporting they had suffered more than one breach in their lifetime.
The report also revealed almost half of all data breach costs are incurred more than 12 months after the breach. This timeline may tie into the average time taken to detect data breaches and the time it takes companies to identify what they need to do to remedy any issues. Regulatory fines and loss of stock value are also longer-term issues and will be hugely influential in this respect.
Paying ransomware demands doesn’t add up
One of the most significant debates in the cybersecurity industry over the past 12 to 18 months has been whether businesses should ever pay demands from ransomware groups who hijack systems and steal data.
The consensus is that it’s a bad idea because the threat actors who stole the data then have the opportunity to get paid twice – by the data breach victim and by whomever they eventually decide to sell the data to.
While some businesses pay ransomware demands, this only reduces their average data breach cost by $610,000. However, this figure doesn’t include the ransom itself, so any company paying more than this sum as a ransom is ultimately worse off.
Commenting on this year’s report, Charles Henderson, Global Head of IBM Security X-Force, said: “Businesses need to put their security defenses on the offense and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.
“This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked.”
Report suggests zero trust frameworks are the way forward
One final notable feature of IBM’s report was that businesses using zero trust frameworks lose $1.17 million less, on average, from data breaches than those that don’t. Such a finding might galvanise the 80% of businesses that said they do not currently adopt a zero trust approach across their endpoints.