What is the cost of not having a secure backup? The annual report on the cost of data breaches, or the Cost of a Data Breach Report, provides insight into this. This report is independently produced by the Ponemon Institute and is sponsored, analyzed, and published by IBM Security. Its main objective is to provide information about the factors influencing the increase or decrease in the cost of data breaches, so that it can be used by companies specializing in IT services, risk management, and security.
The report analyzes the causes, consequences (both short- and long-term), and technologies that helped companies limit their losses from data breaches. The 2022 report highlights 13 key findings:
INCREASED COSTS
- Increased Average Cost of Data Breaches
Compared to 2021 figures, this year saw a 2.6% increase in the average cost of a data breach, bringing the total to $4.35 million.
2. Higher Costs for Critical Infrastructure Companies
According to the report, critical infrastructure companies face an average cost of $4.82 million due to data breaches. These companies include those in financial services, industrial sectors, technology, energy, transportation, communications, healthcare, education, and the public sector. Of these, 28% experienced destructive attacks or ransomware, and 17% had data breaches caused by one of their partners.
3. Higher Costs Linked to Remote Work Attacks
The report details that if the attack is linked to remote work, the average cost increases by $1 million. These attacks cost $600,000 more than the global average.
4. Higher Costs for Data Breaches in the Healthcare Sector
The healthcare sector had one of the highest average costs for data breaches, with an increase close to $1 million, bringing the average to $10.10 million. For 12 consecutive years, healthcare has been the costliest sector for data breaches.
Financial organizations ranked second with an average of $5.97 million per data breach. Pharmaceutical companies followed with $5.01 million, and technology companies with $4.97 million. Finally, energy companies faced an average of $4.72 million per breach.
5. The Country with the Highest Data Breach Costs Is the United States
As in the last 12 years, the United States holds the top spot for the highest costs of data breaches. The five countries and regions with the highest costs are the United States ($9.44 million), the Middle East ($7.46 million), Canada ($5.64 million), the United Kingdom ($5.05 million), and Germany ($4.85 million). Brazil stands out for having the highest cost growth, with an increase of 27.8%.
INCREASED INCIDENTS
6. Most Organizations Have Suffered More Than One Breach
Of the total analyzed, 83% had experienced more than one data breach. This led 60% of these companies to raise the prices of their products or services due to these breaches.
7. Increased Ransomware Attacks
The growth rate for ransomware attacks was identified at 41%. In 2022, ransomware attacks represented 11% of breaches, compared to 7.8% the previous year. Despite the average cost of ransomware attacks decreasing from $4.62 million to $4.54 million between 2021 and 2022, it remains higher than the overall average data breach cost of $4.35 million.
RISK FACTORS
8. Stolen or Compromised Credentials Are the Leading Cause of Data Breaches
A consistent finding since the 2021 report is that stolen or compromised credentials are one of the main causes of data breaches. This factor was responsible for 19% of the breaches analyzed. This risk factor generated an average cost of $4.50 million, which is above the overall average. Additionally, these attacks had the longest life cycle, taking 243 days on average to be identified and another 84 days to contain.
It should also be noted that these were the attacks with the longest lifecycle, as they lasted 243 days until the attack was identified and another 84 days to contain it. On the other hand, the second most frequent cause of data breach was phishing, which occurred in 16% of the cases and generated an average cost of 4.91 million dollars, making it the most costly cause of data breach.
9. Most Companies Lack Zero-Trust Security Architecture, Leading to Higher Costs
According to the report, 59% of organizations lack zero-trust security architecture. This leads to costs that are more than $1 million higher than companies that implement this security model. Among critical infrastructure companies, costs can rise by as much as 79% if they lack zero-trust security, with an average cost of $5.40 million per security breach.
10. 45% of Attacks Occurred in the Cloud
The study found that 45% of recorded attacks occurred in the cloud, generating average costs of $3.80 million for hybrid systems, $4.24 million for private clouds, and $5.02 million for public clouds. In organizations with hybrid cloud systems, attack life cycles were shorter compared to those with public or private cloud systems.
POSITIVE FIGURES
11. Lower Costs for Data Breaches in Companies Using AI and Security Automation
Companies that fully implemented AI and security automation could reduce data breach costs by $3.05 million. The study contrasts an average cost of $3.15 million for companies with AI and automation against $6.20 million for companies without these technologies. It also highlights the savings in time for identifying and containing the attack.
Companies with AI and automation took, on average, 74 days less (249 days) to recover compared to companies without these systems (323 days). Additionally, the implementation of AI and security automation has increased among organizations, from 59% in 2020 to 70% in 2022.
12. Reduced Data Breach Costs for Companies with Regularly Tested Incident Response Teams and Plans
Most companies (63%) confirmed they had a team and a security plan for incident response that was regularly tested. According to the report, this led to significant savings when facing an attack, with an average of $2.66 million less compared to companies without these systems, resulting in a 58% savings.
13. A 10% Reduction in Response Time with XDR Technology
The implementation of XDR technology, observed in 44% of organizations, led to shorter attack life cycles. On average, the attack life cycle was reduced by one month. Companies without this technology had an average response time of 304 days, compared to 275 days for those using XDR.
These staggering figures highlight the sectors and rising costs associated with data breaches. It is also noteworthy that, in most cases, companies experience multiple attacks. For this reason, having a security, backup, and recovery system is indispensable for the proper functioning of businesses.
This is also because a cyberattack can not only be frequent, but in addition to representing its own cost, it can cause operational issues for companies and increase costs depending on the life cycle of the attack.
In summary, the operational and capital consequences for companies can be mitigated if they have a specialized backup and recovery system in place to address the frequent reality of cyberattacks. It is also important to consider the significance of reducing response times by managing a specialized system managed by a service focused solely on this critical area, whose costs increase over time.
Fuente:
IBM Security (2022). Cost of a Data Breach Report 2022https://www.ibm.com/reports/data-breach
EN 
ES