How much does it cost when hackers steal data and render systems unusable?

This is the question that the annual study published by IBM "Cost of a Data Breach" and thus also to analyse the costs incurred by cyber criminals when attacking corporate infrastructures. The latest IBM report shows that data breaches are more costly and have more serious consequences than ever before - and at the expense of customers. After all, 60% of companies that suffered data breaches subsequently raised the prices of their services. And this at a time when manufacturing costs are rising massively worldwide due to inflation and supply chains. Now then. Let's take a closer look at these results!

IBM Security published its annual Cost of a Data Breach Study 2022 on 27 July 2022, which was independently conducted by the Ponemon Institute and sponsored, analysed and published by IBM Security®. The study analysed 550 companies that were affected by data breaches between March 2021 and March 2022. These breaches occurred in 17 countries and regions and in 17 different industries.

What is a data breach?

Data breach describes a violation of data security and data protection in which personal data or trade secrets are disclosed or made accessible to unauthorised persons. Other words for data breach include data breach, data breach or data protection incident - and usually result in a security incident, i.e. an incident that jeopardises information security. This can be caused, for example, by hacker attacks, the use of an unknown USB stick, the theft of a smartphone or the deliberate or unintentional disclosure of information to unauthorised persons, for example in the workplace. Data breaches are often associated with considerable risks, such as damage to reputation, credit card misuse or identity theft for those affected, as well as serious disadvantages for companies. This study shows that the costs of a data breach are higher and more serious than ever before - both internationally and in Germany. The average cost of a data breach for the companies surveyed has reached a new global high of USD 4.35 million.

According to the IBM study, these five countries or regions, including Germany, will have to bear the highest average costs for data breaches in 2022.

On average, the cost of a security incident

1. In the United States, USD 9.44 million

. USD

2. 7.46 million USD in the Middle East

3. 5.64 million USD in Canada

3. USD

4. in the United Kingdom USD 5.05 million

5. in Germany USD 4.85 million. USD

The following findings of the study are particularly significant and telling:

83% of the companies surveyed have had more than one data breach since the company was founded.

60% of these data breaches led to price increases for the products and services of the companies analysed.

The cost of IT security incidents has risen by almost 13% in the last two years.

79% of companies with critical infrastructure do not use a Zero Trust architecture.

The biggest drivers of cost savings are artificial intelligence and automation technologies.

From the "Cost of a Data Breach 2022" shows that 83% of the companies surveyed have already experienced more than one security incident since the company was founded. The after-effects of data security breaches on these companies sometimes only become apparent long after they have occurred. For example, 50% of the costs of a data theft are usually only incurred one year after the attack - or later.

79% of the companies surveyed with critical infrastructure - including companies from the financial services, industrial, transport and healthcare sectors - do not use zero-trust security models. The average cost of a data theft is USD 5.4 million - that is USD 1.17 million more than for companies that rely on Zero Trust.

According to the IBM report, ransomware attacks accounted for 28% of data security breaches at the critical infrastructure companies surveyed. Threat actors are actively trying to disrupt global supply chains that depend on these companies.

17% of attacks on companies with critical infrastructure are due to the fact that a business partner was attacked first. This highlights the risk factor of an overly trusting environment.

37% of the companies surveyed that have incident response plans do not test them regularly.

62% of the companies surveyed stated that they have too few staff to implement their security strategy.

Companies that complied with ransom demands only incurred an average of 610,000 US dollars less in security incident costs (excluding the ransom amount) than those companies that did not pay the ransom, according to the IBM study. Paying a ransom is rarely worthwhile. Also because the money paid will most likely help finance further attacks.

According to this report, the phishing method is the most expensive cause of data breaches.

While compromised credentials remain the most common cause of a data breach (19%), phishing (the second most common cause of data breaches at 16%) is the most costly, according to this study. Here, a company can expect an average cost of 4.91 million US dollars for a security incident.

The healthcare sector bears the highest costs for data breaches.

For the 12th time in a row, the companies surveyed from the healthcare sector have recorded the most expensive data breaches of all sectors. The average cost of a data breach in the healthcare sector has risen to a record high of 10.1 million US dollars.

SUMMARY: So which solution offers the highest security and cost efficiency?

According to the study report, the biggest factors for cost savings are artificial intelligence and automation technologies. Companies using AI and automation save an average of 3.05 million US dollars in data breach costs compared to companies that do not use these technologies.

The use of security AI and automation increased by almost a fifth in two years at the companies analysed, from 59% in 2020 to 70% in 2022.

43% of the companies surveyed are still at the very beginning when it comes to cloud security. This results in higher costs of a security incident, as those companies need an average of 108 days more time to detect and contain a data breach than companies that apply IT security measures in all areas.

The study emphasises that 45% of the data breaches investigated occurred in the cloud - a fact that once again underlines the importance of cloud security.

"Companies need to get ahead of attackers when it comes to security issues. [...] This report shows that the right strategies combined with the right technologies can make the difference when organisations are under attack," said Charles Henderson, Global Head of IBM Security X-Force. (Source: https://de.newsroom.ibm.com/2022-07-27-Cost-of-a-Data-Breach-Studie-2022)

As you know, we are always available to talk to you about a sensible IT security concept - and look forward to working with you to make the world a safer place.

Your suresecure

You can find the full study download it here.

Have you already taken out cyber insurance in case of digital espionage, sabotage or data theft? Check insurability here and now.