The global average cost to mitigate cybersecurity issues resulting from a data breach increased to an all-time high of $4.35 million and could be contributing to current inflation trends, according to the latest annual report from IBM.

The “2022 Cost of a Data Breach Report” found 60 percent of studied organizations raised their product or services prices because of a breach. The report analyzed 550 organizations that suffered a data breach between March 2021 and March 2022, with research conducted by the Ponemon Institute.

IBM has studied data breaches in the United States the last 17 years. In 2021, the average cost of a breach was $4.24 million.

New to this year’s report was a look at the effects of supply chain compromises and the security skills gap. While organizations that were breached because of a supply chain compromise were relatively low (19 percent), the average total cost of such a breach was $4.46 million.

The average time to identify and contain a supply chain compromise was 303 days, opposed to the global average of 277 days.

The study found the average data breach cost savings of a sufficiently staffed organization was $550,000, but only 38 percent of studied organizations said their security team was sufficiently staffed.

Of note, the “Cost of Compliance Report 2022” published by Thomson Reuters Regulatory Intelligence earlier this month found staff shortages have been driven by rising salaries, tightening budgets, and personal liability increases.

The IBM study included 13 companies that experienced data breaches involving the loss or theft of 1 million to 60 million records. The average total cost for breaches of 50-60 million records was $387 million, a slight decline from $401 million in 2021.

For a second year, the study examined how deploying a “zero trust” security framework has a net positive impact on data breach costs, with savings of approximately $1 million for organizations that implemented one. However, only 41 percent of organizations surveyed deployed a zero trust security architecture.

Organizations with mature deployment of zero trust applied consistently across all domains saved more than $1.5 million on average, according to the survey.

Almost 80 percent of critical infrastructure organizations that did not adopt a zero trust strategy saw average breach costs rise to $5.4 million.

The study also found it doesn’t pay to pay hackers, with only $610,000 less in average breach costs compared to businesses that chose not to pay ransomware threat actors.

Organizations that fully deployed a security artificial intelligence and automation incurred $3.05 million less on average in breach costs compared to those that did not, the biggest saver observed in the study.

“Businesses need to put their security defenses on the offense and beat attackers to the punch,” said Charles Henderson, global head of IBM Security X-Force, in a press release announcing the study. “It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks.”

Jeff Dale is Managing Editor, Editorial Projects and Analytics, at Compliance Week. He previously served as Compliance Week's Digital Editor and has worked as a copy editor at the Boston Herald and city editor at The Hour Publishing Co. in Norwalk, Conn.View full Profile

More from Jeff Dale

Topics