Data Breach Report from IBM — 2022
Summary:
The volume and impact of data breaches accelerated considerably in 2022, with many adverse effects for businesses. The report highlights several updated factors that have generated great costs across 17 countries and regions, and 17 industries. It also includes new related areas of analysis, such as:
- Extended Detection and Response (XDR)
- Risk Quantification techniques
- Technologies that contribute to a zero trust security framework — Identity and Access Management (IAM) and Multifactor Authentication (MFA)
The 2022 report records the highest global cost increase incurred by data breaches of all previous years. The average global cost of a data breach reached USD 4.35 million, a 12.7% increase from last year and the highest ever noted in the history of IBM reports. For the 12th year in a row, the United States is the costliest country, with an average total cost of a data breach of USD 9.44 million. The second highest is the Middle East region, at USD 7.46 million. Germany is in fifth place, with the lowest cost of 4.85 million.
The top three industries affected by the costs of data breaches listed in this report are healthcare, financial, and pharmaceuticals. The healthcare industry ranked first at USD 10.10 million, a 9.4% increase from the previous year. The financial sector ranked second at USD 5.97 million, a 4.4% increase over 2021. The average total cost decreased slightly in the pharmaceutical industry, to USD 5.01 million. Each of these is part of the critical infrastructure sectors. As a result of the costs these organizations endured from data breaches, a majority of 60% of organizations increased the prices of their services and products, passing the cost on to the consumer.
The top four initial attack vectors of data breaches in the 2022 report appear in the same order as in the previous 2021 report. The most common initial attack vector was compromised credentials, at 19% of breaches and an average cost of USD 4.50 million. Phishing attacks accounted for 16% of breaches, costing USD 4.91 million. The remaining initial attack vectors, cloud misconfiguration at 15% and third-party software vulnerabilities at 13%, followed in order.
A positive sign in the report is that multiple factors decreased the cost of data breaches. For example, AI platforms decreased the cost of a data breach by an average of USD 300,075 from the mean cost of a data breach of USD 4.35 million. DevSecOps approaches decreased costs by an average of USD 276,124, and, as the third factor, the formation of an Incident Response (IR) team decreased the average breach cost by USD 252,897. As for AI-automated security controls, fully deployed automated security measures had lower costs, of USD 3.15 million, than cases where no security automation procedure was involved. Instances where no AI security and automation were adopted had a higher cost of USD 6.20 million. Organizations that had fully deployed automated AI security controls detected and contained a breach two and a half months earlier on average than organizations that had no security controls deployed.