60% of organizations increased the prices of their products or services due to the breach, at a time when the cost of goods is already skyrocketing around the world due to inflation and supply chain issues . This is clear from the Cost of a Data Breach report by IBM Security, which also reveals that data breaches are more expensive and have greater impact than ever and that the global average cost of a data breach has reached an all-time high of 4.35 million dollars. “Enterprises have to put their security systems on the offensive and beat attackers. It’s time to stop the adversary from achieving their goals and start minimizing the impact of attacks,” said Charles Henderson, Global Director of IBM Security X-Force.
The report has identified the following trends in the organizations studied:
Critical infrastructures are left behind in zero trust – Nearly 80% of the critical infrastructure organizations studied do not adopt zero trust strategies, causing the average cost of breaches to rise to $5.4 million, an increase of $1.17 million compared to that they do. Of these breaches, 28% of the breaches were ransomware or destructive attacks.
It is not profitable to pay – Ransomware victims in the study who opted to pay the ransom only saw a $610,000 decrease in average breach costs compared to those who chose not to pay, not including the ransom cost. Considering the high cost of ransom payments, the financial cost may be even higher, suggesting that simply paying the ransom may not be an effective strategy.
Security immaturity in the clouds- 43% of the organizations studied are in the early stages or have not started to implement security practices in their cloud environments, seeing more than $660,000 on average in breach costs for organizations with mature security in their cloud environments.
AI and security automation key to multi-billion dollar cost savings – Organizations that fully deployed security and automation AI incurred an average of $3.05 million less in breach costs compared to analyzed organizations that have not deployed the technology, the highest cost savings seen in the study.
The price of data breaches reaches its highest level
Concern about attacks on critical infrastructure seems to have increased around the world in the last year. In fact, ransomware and destructive attacks are revealed to have accounted for 28% of breaches in critical infrastructure organizations studied. Despite the call for caution, and a year after the Biden Administration issued an executive order on cybersecurity focused on the importance of taking a zero-trust approach to bolstering the nation’s cybersecurity, the report found, only 21 % of critical infrastructure organizations studied adopted a zero trust security model. Additionally, 17% of breaches in critical infrastructure organizations were due to a trading partner being initially compromised, highlighting the security risks posed by over-trust environments.
The report also shows that hybrid cloud environments are the most prevalent infrastructure (45%) among organizations participating in the study. With an average of $3.8 million in breach costs, companies that adopted a hybrid cloud model saw lower breach costs. The report also highlights that 45% of the breaches studied occurred in the cloud, highlighting the importance of cloud security. However, a significant 43% of organizations said they are only in the early stages or have not started implementing security practices to protect their cloud environments, noting higher breach costs. Other findings of the report include:
Phishing becomes the costliest cause of breaches – While compromised credentials remained the most common cause of a breach (19%), phishing was the second (16%) and most costly cause, costing $4.91 million on average across participating organizations. study.
The costs of breaches in the health sector reach double digits for the first time in history– For the twelfth year in a row, healthcare participants suffered the costliest breaches of all sectors, with the average cost increasing by nearly $1 million to a record $10.1 million.
Insufficient security personnel – 62% of organizations admitted they don’t have enough staff for their security-related needs, translating to an average of $550,000 more in breach costs compared to those who do.