IBM’s Cost of a Data Breach Report finds invisible ‘cyber tax’
Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
When it comes to operational challenges, few mistakes are as costly as data breaches. Just one exploited vulnerability can lead to millions in damages, not just due to upfront disruption, but a loss of respect from consumers and potential compliance liabilities.
Unfortunately, the cost of a data breach is only going up. Today, IBM Security released its annual “Cost of a Data Breach” report conducted by Ponemon Institute, which found that the cost of a data breach in 2022 totaled $4.35 million, an increase of 2.6% since last year’s total of $4.24 million.
The research also found that organizations that fell victim to cyberattacks were prime target for follow-up attacks as part of a “haunting effect”, with 83% of organizations studied having had more than one data breach.
For enterprises, the report highlights that new approaches are required to mitigate the impact of data breaches, particularly in the face of a growing number of sophisticated attacks, which can’t always be prevented.
The hostile reality of the threat landscape
As the cost of a data breach continues to rise amid a threat landscape of rampant double and triple extortion ransomware attacks and identity-related breaches, it’s becoming increasingly clear that traditional approaches to enterprise security need to be reevaluated.
In the last week alone, T Mobile and Twitter found out the cost of a data breach first hand with the former agreeing to pay customers $350 million as part of a post-breach settlement, and the latter having to deal with the negative fallout after a hacker claimed to have accessed data on 5.4 million users.
With the impact of such breaches causing millions in damage, many organizations decide to pass costs onto consumers, as part of an invisible cyber tax. In fact, IBM found that for 60% of organizations, breaches led to price increases passed on to customers.
“What stands out most in this year’s finding is that the financial impact of breaches is now extending well beyond the breaches organizations themselves,” said Head of Strategy, IBM Security X-Force, John Hendley.
“The cost is trickling down to consumers. In fact, if you consider that two or three companies within a supply chain may have suffered a breach and increased their prices, there’s this multiplier effect that’s ultimately hitting the consumer’s wallet. Essentially, we’re now beginning to see a hidden “cyber tax” that individuals are paying as a result of the growing number of breaches occurring today compounded with the more obvious disruptive effects of cyberattacks,” Hendley said.
When asked why the cost of data breaches continued to grow, Hendley explained that there’s a high volume of attacks occurring, but only a limited number of skilled security professionals available to respond to them.
This is highlighted in the research with 62% of organizations saying they weren’t sufficiently staffed to meet their security needs.
What are the implications for CISOs and security leaders
Although the report highlights the bleakest of the current threat landscape, it also points to some promising technologies and methodologies that enterprises can use to reduce the cost of data breaches.
For instance, one of the most promising findings was that organizations with fully deployed security AI and automation can expect to pay $3.05 million less during a data breach, and on average cut the time to identify and contain a breach by 74-days.
At the same time, organizations that implement zero trust can expect to pay 1 million less in breach costs than those that don’t.
Finally, those organizations maintain an incident response team and regularly tested IR plans can expect to cut the cost by $2.66 million.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.