A new report from IBM Security today reveals that data breaches are costlier and more impactful than ever before.

IBM Security’s 2022 Cost of a Data Breach Report, based on analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022, found that the average cost of a data breach has hit an all-time high of $4.35 million.

Figures relating to large companies and the cost involved in dealing with data breaches may seem academic to many, but interestingly the report suggests that the increasing cost of these incidents — up 13% over the last two years — is contributing to rising costs of goods and services. Sixty percent of studied organizations raised their product or service prices after experiencing a data breach. Those increases come at a time the cost of goods is already increasing from inflation and supply chain issues.

Data breaches were also found not to be one-offs, with 83% of studied organizations having experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.

Whether companies are exclusively to blame for lax cybersecurity is arguable, but many were found lacking in adopting cutting-edge and more modern security practices. Eighty percent of critical infrastructure organizations studied were found to have not adopted zero-trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared with those that do.

Companies either in the early stages or who have not started applying security practices across their cloud environments were found to have $660,000 higher average breach costs than studied organizations with mature security across their cloud environments.

Conversely, organizations that have fully deployed security artificial intelligence and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.

Ransomware victims in the study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared with those that chose not to pay – not including the cost of the ransom. Given the high price of ransom payments, the report notes, the financial toll may rise even higher, suggesting that paying the ransom may not be an effective strategy.

The most costly form of data breach among the companies studied was found to be phishing. Compromised credentials were the most common cause of a breach at 19% but phishing, accounting for 16% of breaches, led to average breach costs of $4.91 million.

Other highlights in the report included healthcare breath costs hitting double digits for the first time, with an average breach in the sector resulting in a cost of $10.1 million. Insufficient security staffing was noted to be a serious issue, with 62% of organizations saying they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed.

“Businesses need to put their security defenses on the offense and beat attackers to the punch,” Charles Henderson, global head of IBM Security X-Force, said in a statement. “It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks.”

Image: IBM Security