The Cost of a Data Breach Report – an independent report conducted by the Ponemon Institute and published by IBM Security® – was recently released, revealing the grim yet unsurprising news that the cost of breaches has risen once again in 2022. Data breach costs have clocked in at an all-time high of $4.35 million, a 2.6% increase from the 2021 report at $4.24 million, and have climbed 12.7% from $3.86 million in the 2020 report.
For the 12th year in a row, healthcare organizations continue to top the list of the most expensive data breaches, increasing in cost by nearly $1 million per cyber breach to reach a record high of $10.10 million – an astounding increase of 41.6% since the 2020 report.
But it’s not only the healthcare industry: almost all verticals saw an increase in data breach costs, with only four industries – pharmaceuticals, transportation, media, and hospitality – seeing a slight decrease.
Organizations affected by data breaches feel the pain of breach costs, and according to the study, 83% of organizations have been attacked more than once – just 17% said this was their first data breach. With the impact of breaches weighing so heavily on organizations, many of them are passing along the costs to their customers in the form of an invisible cyber tax. IBM reports that for 60% of firms that suffered a cyber attack, the breach resulted in price hikes for their customers.
“What stands out most in this year’s findings is that the financial impact of breaches is now extending well beyond the breached organizations themselves,” said Head of Strategy, IBM Security X-Force, John Hendley. “The cost is trickling down to consumers. In fact, if you consider that two or three companies within a supply chain may have suffered a breach and increased their prices, there’s this multiplier effect that’s ultimately hitting the consumer’s wallet. Essentially, we’re now beginning to see a hidden ‘cyber tax’ that individuals are paying due to the growing number of breaches occurring today compounded with the more obvious disruptive effects of cyberattacks.”
When asked why the costs of data breaches continue to grow, Hendley emphasized the lack of security specialists available to handle the attacks. The report found that 62% of firms were not sufficiently staffed, which is why we are seeing a continued spike in data breach costs.
Causes of a Breach
When analyzing how data breaches occur, credentials remain one of the most sought-after pieces of information for hackers, and this trend continued in 2022. IBM’s report revealed that the use of stolen or compromised credentials was the most common cause of a data breach, accounting for 19% of the breaches in 2022. This attack vector averaged $4.5 million per data breach and had the longest lifecycle: 243 days to identify the breach and an added 84 days to contain it.
Phishing was the second most common cause at 16%, but also the most expensive, averaging $4.91 million in costs.
Ransomware attacks caused 11% of the breaches in 2022, with a growth rate of 41% and an average cost of $4.62 million, which is slightly higher than the report’s overall 2022 average of $4.35 million. They also took 49 days longer than average to identify and contain.
It seems Covid has left its mark on everything, including data breach stats. Employees shifted to remote work during the pandemic, and now, as 44% of American companies are allowing remote work of any kind, networks have become more susceptible to hackers. The study shows that when remote work was a factor in causing a breach, the costs were nearly $1 million greater than when remote work was not a factor.
Any Good News?
As bleak as the data breach statistics may be, there are promising methodologies and technologies that organizations can implement to help reduce the cost of data breaches.
- AI platforms, a DevSecOps approach and use of an incident response (IR) team were the three factors associated with the highest cost decrease of a data breach. For example, breaches at organizations with AI platforms had an average cost that was $300,075 less than the mean cost of a data breach of $4.35 million.
- Extensive use of encryption was the fourth-largest cost-saving factor in a data breach, at $252,000.
“With the increasing amount and value of data being hosted in cloud environments, organizations should take steps to protect cloud-hosted databases. Mature cloud security practices were associated with breach cost savings of $720,000 compared to no cloud security practices. Use data classification schema and retention programs to help bring visibility into and reduce the volume of sensitive information that’s vulnerable to a breach. Protect sensitive information using data encryption and fully homomorphic encryption.”
Encryption and Tokenization
Every organization gathering payment and consumer data is a target for hackers – whether in healthcare, higher education, retail, government or manufacturing. As this year’s report shows, cyber thieves are successfully deploying a variety of attack vectors to breach systems and networks, resulting in more breaches at a higher cost to the compromised companies and to consumers.
Companies need to have a full cybersecurity strategy to protect every endpoint, but the key is ensuring that all data gathered is secured with technologies such as point-to-point encryption (P2PE) and tokenization. Both render payment data, Protected Health Information (PHI) and Personally Identifiable Information (PII) useless in the event of a breach, since they ensure that sensitive data does not exist as clear-text.
Bluefin is an industry leader in PCI-validated P2PE and tokenization, with over 35,000 merchants in 60 countries using our products and solutions hosted by 300 global partners. We can help your organization implement the best data devaluation strategy to mitigate the effects of data breaches, reduce your regulatory scope and protect your brand. Learn more about our products and get started today.