Companies of all sizes and industries should be concerned about the impacts of a data breach, since, according to the IBM Cost of a Data Breach 2022 report, its average cost is $4.35 million, and 83% of companies had more than one breach.

With this in mind, we prepared an article exploring the main information collected by this document. To facilitate your reading, we divided our text into topics. These are:

• What Is the IBM Cost of a Data Breach Report?
• IBM Cost of a Data Breach 2022 report: What’s New
• Main Data Collected in the IBM Cost of a Data Breach 2022 Report
• Topics with Detailed Results
• Suggested Security Recommendations in the Report
• About senhasegura

Enjoy the read!

What Is the IBM Cost of a Data Breach Report?

The IBM Cost of a Data Breach report is an annual survey of data breaches, which provides insights into hundreds of breaches so that the public can understand current cyber threats.
With nearly 20 editions, this document provides IT professionals with tools to deal with security risks, showing which factors can favor or help prevent cyberattacks.

IBM Cost of a Data Breach 2022 report: What’s New

In its latest edition, the IBM Cost of a Data Breach report has conducted more than 3,600 interviews with professionals from 550 companies that suffered violations between March 2021 and March 2022.
The questions made during the interviews aimed to evaluate the costs of organizations to respond to data breaches in the short and long term.

What’s more: the report has assessed the causes and consequences of the violations that occurred in 17 industries located in different countries and regions, and addressed the impact of certain factors and technologies to reduce losses.

Here are some new things from the IBM Cost of a Data Breach report:

• The 2022 edition has brought analyses related to extended detection and response, the use of risk quantification techniques, and the impacts of individual technologies on zero-trust security structures;
• It analyzed what contributes to higher data breach costs and the effects of supply chain commitments and the gap in security skills;
• It examined areas of cloud security vulnerability to critical infrastructure;
• It assessed, in greater depth than in previous years, the impacts of ransomware and destructive attacks; and
• It studied the phenomenon of remote work, which many companies adopted due to the covid-19 pandemic.

Main Data Collected in the IBM Cost of a Data Breach 2022 Report

Check the key findings from the IBM Cost of a Data Breach 2022 report:

• The average cost of a data breach was $4.35 million in 2022, an increase of 2.6% over the previous year, when the average cost was $4.24 million;
  83% of the companies studied suffered more than one data breach and only 17% said this was their first breach;
• 60% of organizations had to increase the price of their services or products because of a data breach;
  The average cost of a data breach for the critical infrastructure organizations surveyed was $4.82 million – $1 million more than the cost for companies from other segments;
• 28% of critical infrastructure organizations have suffered a destructive or ransomware attack, and 17% have been violated because of a compromised business partner;
• Cyberattacks on companies with deployed security and automation AI cost $3.05 million less than violations on organizations that do not invest in these resources;
• The average cost of a ransomware attack fell from $4.62 million in 2021 to $4.54 million in 2022;
  Stolen or compromised credentials remain a leading cause of data breaches, accounting for 19% of breaches in the 2022 study;
• Leaks involving credentials are the ones that take the longest to be detected. On average, 327 days are required for identification and remediation;
• Only 41% of the organizations in the study have deployed zero-trust security architecture;
  Violations related to remote work cost, on average, about $600,000 more if compared to the global average;
• 45% of violations in the study occurred in the cloud;
• The average cost of health-related violations has increased by almost $1 million, reaching $10.10 million;
• The top five countries and regions with the highest average cost of a data breach were the United States, the Middle East, Canada, the United Kingdom, and Germany.

Topics with Detailed Results

The IBM Cost of a Data Breach 2022 report analysis 16 topics. These are:

• Global Highlights;
• Data Breach Lifecycle;
• Initial Attack Vectors;
• Key Cost Factors;
• Security and Automation AI;
• XDR Technologies;
• Incident Response (IR);
• Quantification of Risk;
• Zero Trust;
• Ransomware and Destructive Attacks;
• Attacks on the Supply Chain;
• Critical Infrastructure;
• Cloud Violations and Cloud Model;
• Remote Work;
• Skills Gap; and
• Mega Violations.

The following are five of these topics in detail:

Data Breach Lifecycle

We call the lifecycle of a data breach the time elapsed between the discovery of the breach and its containment.

According to the IBM Cost of a Data Breach 2022 report, the average time to identify and contain a data breach is currently 277 days. In 2017, the average time was 287 days, that is, 3.5% more.

In 2021, it took an average of 212 days to detect a violation and 75 days to contain it. In 2022, it took 207 days to identify the violation and 70 days to contain it.

The report has also shown that the less time an organization takes to identify and contain a data breach, the less its financial impact is.

However, the cost difference between a lifecycle of more than 200 days and a lifecycle of less than 200 days was lower in 2022 than in 2021: in 2021, the difference was $1.26 million, the largest in seven years and, in 2022, it was $1.12 million.

Incident Response

Relying on an incident response team reduces the average cost of a data breach and, according to the IBM Cost of a Data Breach 2022 report, 73% of the companies that participated in the survey claimed to have an incident response plan.

The report also pointed out that the average cost of a violation in these companies in 2022 was $3.26 million versus $5.92 million spent by companies without incident response resources, a difference of $2.66 million. In the previous year, this difference was $2.46 million, and in 2020, $1.77 million.

Zero Trust

The implementation of a zero-trust security architecture was performed by 41% of the companies that participated in the IBM Cost of a Data Breach 2022 report. In 2021, this number was lower: 35%.

The study also revealed companies that deployed zero trusts saved almost $1 million with data breaches when compared to those that did not invest in this concept.

This is because the average cost of a violation was $4.15 million in organizations with zero trust deployed and $5.10 million in companies that did not use the same approach.

When we talk about implementing zero trust in a mature stage, the economy is even greater, reaching more than $1.5 million. Companies with early-stage zero trust practices spent an average of $4.96 million on data breaches, while for those that had these practices consolidated, the average cost was $3.45 million.

Cloud Violations and Cloud Model

The Covid-19 pandemic has accelerated the mass adoption of remote work by organizations and, consequently, the use of technologies such as cloud computing, impacting cybersecurity.

However, the IBM Cost of a Data Breach 2022 report brings interesting data on the subject, which was analyzed for the second year: according to the document, 45% of violations occurred in the cloud. Moreover, the costs of breaches in private clouds are significantly higher than in hybrid clouds.

Another revealing fact is that 43% of companies claimed they were still in the early stages of their practices protecting cloud environments, showing that, in general, organizations still need to evolve a lot.

Nevertheless, the most worrying fact is that 17% of companies have yet to take any action to protect their cloud environments.

Remote Work

Since the beginning of the pandemic, the IBM Cost of a Data Breach report analyzes the impacts of remote work on data breaches. In its 2022 edition, the survey has shown data breach costs were higher for companies that have more employees working remotely.

In practice, companies that have between 81% and 100% of employees working outside the corporate environment had an average cost of $5.10 million. Companies with less than 20% of their team working remotely had to bear an average cost of $3.99 million, a difference of $1.11 million (24.4%).

In addition, the average cost of a data breach was $4.99 million for companies that had remote work as the cause of the breach, while this loss was $4.02 million when remote work was not the cause.

Suggested Security Recommendations in the Report

The IBM Cost of a Data Breach 2022 report also contains important security recommendations on its pages, which can help prevent problems with data breaches. Check them out:

Adopting a Zero Trust Security Model

According to the results of the study, organizations that implemented a zero-trust approach in their security at a mature stage have saved $1.5 million. Therefore, it is convenient to adopt this security model in your company to reduce the financial impacts of a data breach.

Protecting Cloud Environments with Policies and Encryption

Companies that have adopted mature cloud security practices have saved $720,000 compared to those that did not care about the subject. Thus, it is recommended to invest in security policies, data encryption, and homomorphic encryption to prevent data breaches.

Using Incident Response Manuals

Another highly recommended practice is to create and test incident response manuals, as companies that regularly test their plan have saved $2.66 million in violations over those that do not rely on an IR plan team or test.

Improving Incident Detection and Response Times

Added to security and automation AI, Extended Detection and Response (XDR) capabilities contribute to reducing the average costs of a data breach as well as its lifecycle. The study pointed out that companies with XDR deployed have reduced the lifecycle of a violation by 29 days, on average, when compared to organizations that did not implement XDR, saving $400,000.

Monitoring Endpoints and Remote Employees

Finally, the IBM Cost of a Data Breach 2022 report reinforces the need to monitor endpoints and remote workers, showing that violations caused by this modality cost almost $1 million more than violations in which remote work was not a factor.

About senhasegura

We, from senhasegura, are a company specializing in cybersecurity. Our mission is to provide our clients with sovereignty over their actions and privileged information.
To do this, we offer our PAM solution, which helps companies protect themselves from all the threats presented in the IBM Cost of a Data Breach 2022 report.

ALSO READ IN SENHASEGURA’S BLOG
ISO 27001: 4 Reasons to Implement It in Your Company
What to Do to Prevent Social Engineering Attacks?
Top 5 Cyber Threats to Healthcare Organizations