IBM report: Inflation-causing data breach costs are rising

According to IBM's most recent annual report, the average cost to mitigate cybersecurity issues brought on by a data breach increased to an all-time high of $4.35 million and may be influencing current inflation trends.

According to the "2022 Cost of a Data Breach Report," 60 percent of surveyed organizations increased the cost of their goods or services as a result of a breach. The analysis, based on research by the Ponemon Institute, covered 550 businesses that experienced data breaches between March 2021 and March 2022.


For the past 17 years, IBM has researched data breaches in the US. An average breach cost $4.24 million in 2021.


Examinations of the consequences of supply chain compromises and of the security skills gap were new additions to this year's report. Although the percentage of organizations that experienced a breach due to a supply chain compromise was low (19%), the average total cost of such a breach was $4.46 million.

Compared to the global average of 277 days, the average time to detect and contain a supply chain compromise was 303 days.


Only 38% of the organizations studied said their security team was adequately staffed, despite the study finding that an adequately staffed organization could save an average of $550,000 in data breach costs.


What is noteworthy is that the "Cost of Compliance Report 2022" released by Thomson Reuters Regulatory Intelligence earlier this month found that staff shortages have been prompted by rising salaries, constrained budgets, and rising personal liability.


The IBM study included 13 businesses that had suffered data breaches resulting in the loss or theft of one million to sixty million records. 50–60 million records were compromised on average, costing $387 million, down from $401 million in 2021.


For the second year, the study looked at how implementing a "zero trust" security framework has a net beneficial effect on data breach costs, with savings of about $1 million for organizations that implemented one. However, only 41% of the organizations that participated in the survey implemented a zero trust security architecture.


According to the survey, companies that have a well-developed deployment of zero trust applied consistently across all domains saved, on average, more than $1.5 million.


The average cost of a breach increased to $5.4 million for the nearly 80% of critical infrastructure organizations that did not implement a zero trust strategy.


In addition, the study found that paying hackers results in only a $610,000 average reduction in breach costs when compared to businesses that decide not to pay ransomware threat actors.


The biggest cost saver found in the study was for organizations that fully implemented security artificial intelligence and automation, which resulted in an average reduction of $3.05 million in breach costs.


Charles Henderson, global head of IBM Security X-Force, said in a press release announcing the study, "businesses need to put their security defenses on the offensive and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks."