2022 IBM Report: Cybercrime Reaches an All-Time High
Businesses face few risks today as dangerous as cybercrime. While cybercrime is nothing new, it’s reaching unprecedented levels of damage as businesses grapple with unrelenting attacks and the rising costs associated with them.
Now, the average cost of a data breach has reached $4.35 million.
Several factors have been contributing to rising cybercrime. The start of the COVID-19 pandemic in March 2020 forced millions of workers to log-on from home for the first time, stretching the capacity of many businesses’ remote capabilities and security. This, coupled with the increased attacks that fed on fear and confusion, created the perfect storm that hasn’t slowed since.
In this blog, we’ll highlight our key takeaways from this year’s Cost of a Data Breach Report, both the good and the bad.
The Bad News: The Threat Landscape is Getting Worse
It should be a surprise to no one that the cyber threat landscape is bleak. These attacks are now affecting everyone and evolving so rapidly it’s difficult to defend against them. While highlighting the bad news can be daunting, it’s important to discuss just how serious these threats have become.
- In the last two years, the average total cost of a cyber-attack increased 12.7%, up from the $3.86 million reported in 2020 to the current $4.35 million.
As the frequency and severity of breaches grow, a number of industries are being hit the hardest. For the 12th year in a row, the healthcare industry was number one with an average cost of $10.10 million. After healthcare, the financial, pharmaceuticals, technology, and energy industries rounded out the top five with the highest average cost.
The most common initial attack vector today is stolen or compromised credentials, making up 40% of all attacks.
- 83% of organizations studied have had more than one data breach.
This has been dubbed the “haunting effect” as these victims are likely to be hit twice.
- 60% of organizations’ breaches led to increases in prices passed on to consumers.
Cyber incidents are contributing to the rising costs of goods and services. 60% of businesses raised their prices due to a breach which only adds to the inflation and supply chain issues we’re all facing globally.
- 45% of breaches were cloud based.
The cost of a breach that occurred in the cloud will vary, depending on the type of cloud. For hybrid cloud environments, the cost is the lowest at an average of $3.80 million. This is significantly less than the average cost in a private cloud, which is $4.24 million, and a public cloud, which is $5.02 million. Organizations with a hybrid cloud model also have a shorter breach lifecycle.
- 62% of organizations said they are not sufficiently staffed to handle their security needs.
Security teams with a skills shortage faced higher-than-average costs of a data breach. The hot job market has made it increasingly hard to find and hold onto IT talent. This has forced employers to get creative and turn to on-demand IT resources to address their needs.
- 79% of critical infrastructure organizations didn’t deploy a zero trust architecture despite the recommendations made by the White House in 2021.
This includes financial services, industrial services, technology, energy, transportation, communication, healthcare, education, and public sector industries. As these industries are a prominent target for threats, attacks on critical infrastructure affect the various businesses and other industries that rely on them.
The Good News: Security Methods Are Working
The statistics surrounding the threat landscape can feel daunting. However, these should be used as motivation to act and protect your business. There are security methods that can better protect your organization and many of these will have a large impact on the outcome of a potential attack.
- Fully deployed security AI and automation saved an average of $3.05 million, versus those with no security AI and automation.
This includes technologies that depend on AI, machine learning, analytics, and automated security orchestration. In addition, the number of organizations adopting these security technologies increased in 2022 by 5%.
- Organizations with XDR technologies identified and contained a breach 29 days faster than those without, resulting in lower-than-average data breach costs.
44% of the organizations in the study have implemented XDR capabilities.
- The average time to identify and contain a data breach decreased by 10 days, falling from 287 in 2021 to 277 days, which ultimately results in lower costs.
- Organizations with an incident response plan that is regularly tested saved $2.66 million on average.
73% of organizations have an IR plan in place and 63% reported their IR plan is regularly tested.
- The average breach cost for those with a mature Zero Trust approach is $1.51 million less than those with early adoption of Zero Trust.
However, only 41% of organizations reported that they had deployed a Zero Trust architecture.
- Those with robust cloud security practices faced an average of $660k less in costs than those without sound cloud security practices.
Further, those lacking security required an average of 108 more days to identify and contain a breach than those applying consistent security patches across their cloud environment.
Next Steps: Get on the Offense of Your Cyber Security
Yes, the cyber landscape may seem bleak. Cyber events are on the rise, costs are trickling down to every consumer, and it can be difficult to find the manpower to address security needs.
However, the key takeaway here should be this: While cyber events remain a momentous concern, there is a way to fight back. There are many methods in which businesses can take their cyber security from good to great and these steps will have a direct impact on your organization’s ability to prevent and recover from an attack.
Just as threats are consistently evolving, cyber best practices and the latest security tools are also difficult to keep up with. Cyber security isn’t something you can simply check off your list. It’s an ongoing journey.
To learn more about improving your organization’s cyber security position, contact one of our Arraya experts today.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.