Technology is seeping into all aspects of daily life. With more people spending more time on their devices every day, online privacy is a very real concern. Many legal, medical, and financial records are now filed virtually on hard drives and cloud servers. This is troubling because reported instances of cybercrime have increased dramatically in recent years. Cybersecurity should be a top priority for all organizations, as the cost of a data breach can cripple even the most financially stable among them.
For nearly two decades, IBM Security has worked with the Ponemon Institute to publish their annual Cost of a Data Breach Report. This report serves to identify trends, offer insights, and give a detailed update on the current state of business cybersecurity.
Last year’s report included data from over 3,600 interviews with 550 organizations across 17 countries that experienced a data breach between March 2021 and March 2022. It defines a data breach as an electronic or physical event which puts an individual’s name, debit card, or medical and financial records at risk. This report documented breaches of up to 102,000 compromised records—lost or stolen copies of healthcare policies, credit card details, or other personally identifiable information (PII). Here are some key takeaways from this report.
From 2020 to 2022, the average cost of a data breach increased from $3.86 million to $4.35 million (12.7%). The top five industries for average total breach cost were healthcare, financial, pharmaceutical, technology, and energy. Keep in mind that the healthcare industry is highly regulated, and the US government considers it to be critical infrastructure.
The average total cost for healthcare industry breaches rose from $9.23 million in 2021 to $10.1 million in 2021, a 9.4% increase. This was the 12th consecutive year that the healthcare industry saw the highest industry average cost for a data breach. The average cost of a data breach in the financial and industrial industries saw a 4.4% and 5.4% increase, respectively. Fortunately, the average data breach cost decreased in the media, hospitality, transportation, and pharmaceutical industries.
The 2022 Cost of a Data Breach Report breaks down costs into four main categories. For the first time in six years, detection and escalation held the largest share of data breach costs. At an average cost of $1.44 million, it accounted for over 33% of the total cost of a data breach between 2021 and 2022.
The second most expensive element of breaches from 2021 to 2022 was lost business. It accounted for nearly 33% of the average total cost at $1.42 million. Lost business arose from system downtime, lost customers, revenue deficits, business disruptions, and reputation damages. The report also documented notification and post-breach response expenses. Notification and post-breach response accounted for about 7% and 27% of costs, respectively.
Data breaches become much more costly the longer they go unaddressed. The security breach cycle includes the amount time between the first incidence of a data breach and its final containment. It took an average of 277 days to detect and contain a data breach in 2022, down 3.5% from 287 days in 2021. Those addressed in less than 200 days cost companies an average of $1.12 million (26.5%) less to resolve.
Another encouraging fact was that proactive preparation had a significant impact on overall damage. Companies with advanced security systems suffered considerably lower costs from data breaches compared to those without. For instance, those that deployed zero trust systems saved an average of nearly $1 million in data breach costs.
Data breaches are a big deal. They can lead to lost business and compromised reputations, not to mention identity theft and legal consequences. Unfortunately, as companies bring more of their systems online, their risk of data breaches tends to increase.
Cybersecurity is no longer optional for modern organizations. If you’re worried about the cost of a data breach for your company, then please feel free to schedule a call or contact us online. We can give you the security needed to reduce your risk of suffering a costly data breach in the future.