With IBM’s cost of a data breach report, this article summarizes key statistics, findings, industries targeted, and data breach trends in 2022. It provides various steps organizations can follow to reduce the impact of data breaches in 2022 and beyond.
IBM has released its latest “Cost of a Data Breach Report 2022,” which provides an in-depth analysis of the data breach trends and the factors influencing data breaches in industries and organizations worldwide. Let us look at what the report entails and how organizations can enhance their data security following the report’s trends.
Key Findings of IBM Cost of a Data Breach Report 2022
Here are key statistics from IBM’s latest data breach report:
- 83% of organizations were the victim of more than one data breach.
- 60% of the breaches led to increased costs for the customers.
- 79% of critical infrastructure organizations were missing a zero trust architecture.
- 19% of breaches were the result of compromised business partners.
- 45% of breaches occurred on cloud services.
Cost of Data Breaches in 2022
IBM report, a summary of data from 17 countries, is a comprehensive study that has revealed that the cost of data breaches is at an all-time high, with the per-record cost of a data breach reaching its max in the last seven years.
The average data breach cost is $4.35 million, a figure that increases to $4.82 million for data breaches involving critical infrastructures. Furthermore, the costs associated with automated tools and AI security average at $3.05 million, a 12.7% increase from 2020.
The highest average data breach cost is observed in the United States at $9.44 million, followed by the Middle East at $7.46 million, Canada at $5.64 million, the UK at $5.05 million, and Germany at $4.85 million.
Average per record cost of a data breach
(Graph Source: IBM)
Industries that Cybercriminals Target the Most in 2022
Almost all sectors have been victims of data breaches. Cybercriminals have started targeting critical infrastructure industries and can bypass sophisticated security mechanisms, which has increased the costs for detection and escalation, which are now $1.44 million.
Did you know that the healthcare industry has been the top mark of threat artists for 12 years, averaging $10.10 million per breach in 2022? The top five sectors have been unchanged since 2021’s report, including the healthcare, financial, pharmaceuticals, technology, and energy sectors.
Average cost of a data breach by industry
Source: IBM)
Data Breach Lifecycle Changes in 2022
IBM studied over 550 organizations to generate this report, and only 17% of enterprises suffered their first data breach. 83% of organizations have faced data breaches, with an average data breach lifecycle of 277 days. It takes 277 days between the first detection of the breach and its containment. Although this is ten days less than 2021’s average of 287 days, it is a long time for an organization to be affected, increasing various financial troubles, brand reputation damages, and loss of valued clientele.
IBM has discovered that the data breach lifecycle is directly proportionate to the costs associated with the breach, with breaches with a lifecycle of fewer than 200 days costing an average of $3.74 million. Here is a look at the average cost of data breaches as per the breach lifecycle.
Average cost of a data breach based on data breach lifecycle,
(Source: IBM)
Initial Attacks Vectors in Data Breaches
Data breaches in 2022 are most commonly the result of stolen or compromised credentials, credited to 19% of all data breaches, followed by phishing at 16%, cloud misconfigurations at 15%, and vulnerable third-party software at 13%. In addition, stolen or compromised credentials have the longest breach lifetime at 327 days.
Average cost and frequency of data breaches by initial attack vector
(Source: IBM)
As you can see, phishing is the costliest initial attack vector, leading to $4.91 million in costs. BEC (Business Email Compromise) attacks come in at a close second at $4.89 million.
Focusing Your Tech for Protection: How Can Organizations Curb Data Breaches?
There are plenty of factors that affect the cost of any data breach. IBM has outlined 28 distinct factors that influence data breach costs. Here are the most prominent ones:
- Security AI and Automation: Automation and AI have streamlined processes by replacing the need for humans. Human elements used various tools and nonintegrated systems, increasing overheads and complexity. Organizations with fully or partially deployed AI increased by 5% this year and incurred lower data breach costs at $3.05 million, meaning organizations choosing AI and automation are better protected.
- XDR: The holistic approaches of XDR (Extended detection and response) have paid off for organizations as it allowed them to contain breaches 29 days faster than their counterparts without XDR. XDR capabilities were only implemented by 44% of the organizations but allowed them to save up to 9.2% in average breach costs.
- Incident Response: IR teams significantly reduce the cost of data breaches. 73% of organizations employed IR teams, and the ones with IR teams that tested IR plans reduced their breach costs to $2.66 million.
- Risk Quantification: Looking at financial impacts, data availability, data integrity, and similar risk elements, organizations can assess the loss of productivity, response, recovery, fines, and impact on brand image. Only 47% of organizations prioritize risks in 2022. Still, they are well on the way as risk quantification puts them a step ahead of cybercriminals, saving up to $2.10 million in average data breach costs.
- Zero Trust: IBM’s report has showcased how zero trust policies are a major factor in data breaches. 2022 saw 41% of organizations deploying zero trust architectures which proved an effective step and saved nearly $1 million in costs.
- Ransomware and Destructive Attacks: Ransomware breaches cost $4.54 million, a slight decrease from the prior year’s $4.62 million costs. However, ransomware data breaches have increased in 2022 and take 49 days longer to contain than other data breaches.
- Supply Chain Attacks: Out of 550 organizations, almost 20% were victims of supply chain attacks, with an average cost of $4.46 million. Supply chain attacks are also longer to contain, with a life cycle of 303 days compared to the average of 277.
- Critical Infrastructure: One major finding of IBM’s data breach report was the 79% share of critical infrastructure industries that did not adopt zero trust policies. Ransomware and destructive attacks were responsible for 28% of critical infrastructure attacks. These industries can contain data breaches quicker than others at 204 days. Also, critical industries that employed zero trust architectures reduced their average data breach cost by 24.3%, i.e., by $1.17 million.
Steps to Minimize Data Breaches by IBM
The report also summarizes the cost of data breaches influenced by cloud breaches and models, gaps in skills, and more. To help minimize the financial impact of data breaches, IBM recommends:
- Implement Zero Trust: Adoption of Zero Trust Security models to protect sensitive data.
- Effective Incident Response: Creating and testing IR playbooks for enhanced cyber resilience.
- Remote Monitoring: Using tools for protecting and monitoring remote workforce and endpoints.
- Cloud Protection: Protection of sensitive cloud data using policy and encryptions with the help of data classification schemas and tracking governance requirements.
- Using Tools: Investing in effective SOAR (Security Orchestration, Automation, and Response) and XDR tools for detection and response.
Final Words
IBM’s data breach report and findings have provided a look into the current scenario for organizations suffering data breaches. Following the report and inculcating the critical steps above can help organizations strengthen their cybersecurity and data security suite, helping them avoid major data breaches now and for the foreseeable future.