Posts: 14,564 +174
In brief: The average cost of an enterprise data breach has reached an all-time high and more often than not, companies raise the price of products or services after a breach to make up for the loss.
In its annual Cost of a Data Breach Report, IBM Security said the global average cost of a data breach is $4.35 million. That's an increase of 2.6 percent from $4.24 million last year and is up 12.7 percent from $3.86 million in the 2020 report. Worse yet, 60 percent of organizations that participated in the study said decisions to raise prices were directly related to security breaches.
Note that this is only the average. Looking at the outliers, we see that those operating in healthcare experienced the costliest breaches for the 12th year in a row with a record average of $10.1 million per incident.
Few will probably be surprised to learn that 83 percent of organizations have experienced more than one data breach in their lifetime. This is no doubt due in part to the fact that 62 percent of those studied felt they are not sufficiently staffed to meet their security needs.
As for attack vectors, IBM noted that 19 percent of breaches resulted from stolen or compromised credentials. Phishing campaigns led to 16 percent of incidents and were the costliest, leading to an average breach cost of $4.91 million. Misconfigured cloud servers caused 15 percent of breaches.
Speaking of the cloud, the study further found that 45 percent of breaches occurred in the cloud. Hybrid cloud environments experienced the lowest average breach cost at $3.8 million compared to organizations using public or private models at $5.02 million and $4.24 million on average, respectively.
Another interesting metric involves ransomware. Businesses that paid ransom demands reported an average of $610,000 less in breach costs compared to those that decided not to pay, but that figure didn't include the ransom amount paid. When factoring in last year's average ransom of $812,360, the pendulum swings the other way and businesses that complied with ransom demands ended up paying more overall in breach costs.
IBM commissioned Ponemon Institute to study 550 organizations across 17 countries and 17 industries between March 2021 and March 2022 to gather data for the report.
Image credit: Pixabay