The Cost of Data Breaches on Businesses
Summary: IBM recently released their 2022 Cost of Data Breach Full Report. This report surveyed over 3,600 individuals to get a better understanding of the impact and cost that data breaches had on organizations in 2022. With 83% of these organizations reporting a data breach in the last year, and the average cost of breaches rising to $4.35 million, there is a lot to be gleaned from the data in this report as well as an overall opportunity to decrease the risk of a breach.
The industry and speed of response greatly impact the cost of data breaches
In a study from March 2021 through March 2022, the average cost of a data breach increased by 2.6%, from the previous study concluding in 2021, to $4.35 million. Since 2020, the average cost has risen by 12.7%. While this is the overall average cost of breaches, the type of breach, the type of organization, and the organization’s ability to mitigate breach risk greatly impacted the overall cost. Organizations in critical infrastructure industries (such as financial institutions, technology, communications, industrial, and education) saw an average cost of $4.82 million.
An organization’s ability to quickly identify and respond to breaches also greatly impacted the cost of the breach. Organizations that could identify and respond in less than 200 days saw an average cost of $3.74 million, while those that took longer than 200 days saw an average cost of $4.86 million.
Organizations that had little to no compliance standards had the greatest financial impact, with an average data breach cost of $5.56 million. Compliance standards that IBM assessed were things like number of remote working staff, the impact of IoT devices within the company, crisis management strategies, security technology, incident response teams, penetration testing, and other security practices. Implementing good security hygiene for a remote or hybrid workforce, understanding IoT devices’ impact on the business, and creating an incident response team are simple first steps to improving an organization’s security compliance.
The cost of these breaches wasn’t just felt by the organization either. Of those surveyed, 60% of the breaches caused businesses to raise costs that were passed on to their customers. A breach has consequences beyond just the financial impact on a business. It will affect the business’s reputation as well as its potential ability to sell to consumers.
Ransomware, supply chain attacks among the top causes of breaches
It is not a question of if, but when, an organization will experience a data breach. The IBM survey found that 83% of organizations had one or more data breaches with only 17% saying that the breach in 2022 was their first.
There were a variety of types of data breaches in 2022 among all industries. Ransomware attacks and supply chain attacks saw an increase in popularity among threat actors; however, IT failure and destructive attacks were the most common types of breaches at over 20% each.
These breaches saw many causes with the top five being stolen or compromised credentials (19%), phishing (16%), cloud misconfiguration (15%), vulnerability in third-party software (13%), and malicious insiders (11%).
The causes also saw a direct correlation with data breach costs. Phishing had an average cost of $4.91 million, and email compromise, while only causing 6% of data breaches, cost an average of $4.89 million. The key similarity between these two most expensive causes of breaches is that the mean time to identify and contain the breach is longer than for other causes.
The opportunities to mitigate risks and reduce costs
Have a breach response plan
The average breach life cycle, or the amount of time to identify and contain a breach, was 277 days, with ransomware attacks being 49 days longer on average and supply chain breaches being 26 days longer on average. The breach life cycle is a critical factor in reducing the cost of a breach. As previously mentioned, breaches that were identified and contained faster saw a lower cost. To minimize costs and other damages from a breach, companies need to shorten the breach life cycle and be prepared with a response plan ahead of time.
An organization’s ability to respond to a breach quickly could be worth millions. Data breach response planning is a smart strategy for businesses to be prepared in the event of a data breach. Working to mitigate risks involves finding vulnerabilities, securing operations, and creating an incident response team, among other strategies. Organizations with an incident response team saw an average savings on data breaches of $2.66 million.
Use technological solutions
Beyond a pre-breach planning strategy, businesses should also turn to technology to help mitigate the risk of breaches. Cloud-based breaches saw a rise in 2022, with 45% of breaches being on cloud services. Organizations that employ cloud security technology to help identify and fix vulnerabilities within those cloud services can help mitigate breaches on those platforms. Breaches caused by stolen credentials, phishing, and human error, as well as the rise in remote workers, should have organizations looking for solutions like VPNs, password managers, and multi-factor authentication for accessing business systems.
Partnering with IDX can provide your organization with multiple levels of risk mitigation for data breaches. Not only do they provide simple privacy tools for your employees and members, such as password managers, social media monitoring, dark web scanning, and a VPN, but they also offer comprehensive data breach response services. Don’t let your business be another negative statistic. Protecting your organization from the damages of a data breach requires proactive measures.