Highlights of the 2022 Cost of a Data Breach Report
With the integration of digital transformation into all areas of the business world, a significant portion of operational processes has moved online. As a natural consequence of the digital transformation, this transition has also created a number of cybersecurity threats for businesses. Storing large amounts of data on cloud-like servers with remote access has increased the risk of data leaks and left organizations vulnerable to cyber threats and data breaches.
While the storage and real-time processing of big data on enterprise IT networks have whetted the appetite of cyber attackers, companies as key players in the business world have had to adopt advanced cybersecurity measures, and apparently they must continue to do so.
Based on today's data and artificial intelligence (AI) results, IBM's "Cost of a Data Breach Report 2022" presents recent information on data breaches caused by various types of security incidents. The 2022 report shows significant differences from previous years in terms of the cost of data breach attempts and the type of attack surface.
Let's take a look at the important data presented in the 2022 report to better understand where cybersecurity threats are headed and to provide a general framework for the cost organizations can incur from data breaches.
Notable New Findings at First Glance
First, it would be best to explain the scope of the report. The Cost of a Data Breach Report 2022 includes a new analysis of the technological approaches and applications listed below. All of the data gathered during the study is analyzed in light of this conceptual framework.
- Extended Detection and Response (XDR)
- Use of risk assessment techniques
- Case-specific impact of individual technologies
- Cybersecurity policies based on the zero-trust principle, such as identity and access management (IAM) and multi-factor authentication (MFA)
After the conceptual framework mentioned above, let's take a look at the new insights the 2022 report reveals.
- 83% of organizations in the study experienced more than one data breach.
- 60% of companies that experienced a data breach had to increase the price of products and services purchased by customers as a result of the breach.
- 79% of critical infrastructure organizations did not implement the zero-trust principle in their existing cybersecurity protocols.
- 19% of data breaches resulted from the compromise of a third-party business partner.
- 45% of data breach cases involved cloud-based IT systems.
After compiling the report's key findings, it’s useful to address critical points that provide important data in several categories and may be eye-opening for organizations.
Key Findings on the Cost of Data Breaches
IBM's 2022 report shows that the global average cost of a data breach has hit $4.35 million. This cost average, which is the highest on record, represents a 2.6% increase from 2021, and a 12.7% increase from 2020. The average cost was $4.24 million in the 2021 report, up from $3.86 million in 2020.
As we mentioned before, 83% of organizations in the report experienced more than one data breach. Even more interesting, only 17% of these organizations said this was their first data breach. The remaining 66% had already experienced at least one data breach.
The total cost of data breaches for the critical infrastructure organizations studied was found to be $4.82 million on average. In this group, which comprises business sectors such as financial services, healthcare, industry, energy, transportation, communications, education, and the public sector, 28% experienced a destructive or ransomware attack. In addition, 17% suffered a security breach caused by a data security breach at a business partner.
One of the most striking findings of IBM's 2022 report was related to cost savings. According to the report, breach costs are $3.05 million lower in organizations with fully deployed security AI and automation than in organizations with no security AI and automation. The difference in average breach cost of 65.2% shows the difference between $6.20 million and $3.05 million. This data represents the biggest cost savings in the study.
Also, the life cycle of a breach is 74 days shorter for organizations with AI and automation than for organizations without AI and automation (324 days/249 days). The use of AI and automation in security increased from 59% in 2020 to 70% in 2022, an increase of 1/5 in two years.
The United States and the Healthcare Industry Remain at the Forefront
Ransomware is a major attack vector for cyber attackers, and it hits businesses from multiple directions because of their large attack surfaces. The average cost of ransomware attacks is $4.54 million. Ransomware attacks accounted for 11% of data breaches covered in the report, up from 7.8% in 2021. The average cost was $4.62 million in the last year.
Data breaches resulting from compromised privileged account credentials accounted for 19% of the data breaches in the study. Caused by both internal and external threats, these incidents represent the primary attack vector used by hackers. In addition, data breaches caused by tapping into privileged account information are the type of cyber attacks with the longest life cycle. While it takes 243 days to detect a breach resulting from compromised credentials, it takes 84 days to prevent it.
In the 2022 report, phishing was cited as the second leading cause of data breaches, at 16%. This type of attack was recorded as the costliest attack vector, at $4.92 million. On the other hand, healthcare has been the sector with the highest cost of data breaches for 12 years in a row. The sector set a new record in the 2022 report: the average cost of security breaches reached $10.1 million, increasing by $1 million.
Preventing Data Breaches with PAM
Thanks to advanced modules, Privileged Access Management (PAM) solutions enable you to prevent data breaches by optimally protecting the access management capabilities of your IT infrastructure with an end-to-end approach. With its modular structure allowing you to implement different cybersecurity protocols, Kron’s PAM solution, Single Connect, provides you with the opportunity to create a high-level defense mechanism for privileged accounts and critical data.
With its Privileged Session Manager, Dynamic Password Controller, Two-Factor Authentication (2FA), Database Manager and Dynamic Data Masking, Privileged Task Automation (PTA), and TACACS+ / RADIUS Access Management modules, Single Connect provides overall protection for your IT infrastructure and helps you monitor access to privileged accounts with real-time control over all transactions.
If you don't want data breaches to catch you off guard and want to minimize potential losses with an advanced PAM solution, you can benefit from Single Connect. Having been featured in reports by leading global research firms such as Gartner, Forrester, KuppingerCole, and Omdia, Single Connect's advanced cybersecurity suite has proven its success in preventing common cyber attack vectors many times over.
If you have any questions, contact our team for more information about the Single Connect suite of products.