IBM Security has released the annual global Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for surveyed organisations. With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organisations globally raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.
The perpetuality of cyberattacks is also shedding light on the “haunting effect” data breaches are having on businesses, with the IBM report finding 83% of studied organizations globally have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organizations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.
In the Middle East, the costliest breaches are often made by a malicious insider and can reach close to 9.6 million US dollars. This initial attack vector surpasses physical security compromises, stolen credentials, phishing attacks and cloud misconfigurations. The report did however highlight an improvement year-on-year where organizations in the Middle East are identifying and containing data breaches quicker and more effectively.
The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organizations globally, 31 of which are from the Middle East, between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.
“Businesses need to put their security defenses on the offense and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.” said Charles Henderson, Global Head of IBM Security X-Force. “This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked.”
Over-trusting Critical Infrastructure Organisations
Concerns over critical infrastructure targeting appear to be increasing globally over the past year, with many governments’ cybersecurity agencies urging vigilance against disruptive attacks. In fact, IBM’s report reveals that ransomware and destructive attacks represented 28% of global breaches amongst critical infrastructure organizations studied, highlighting how threat actors are seeking to fracture the global supply chains that rely on these organizations. This includes financial services, industrial, transportation and healthcare companies amongst others.
Despite the call for caution, globally only 21% of critical infrastructure organizations studied adopt a zero trust security model, according to the report. Add to that, 17% of global breaches at critical infrastructure organizations were caused due to a business partner being initially compromised, highlighting the security risks that over-trusting environments pose.
“As organisations in the Middle East make great strides in digitization across every major sector, it’s essential that these carefully crafted national visions are safeguarded with the right security capabilities, including the adoption of Zero Trust strategies. The more we resist the idea of Zero Trust, the more we’ll see higher impact breaches that aren’t identified and contained quickly,” said Wael Abdoush, General Manager for IBM Gulf, Levant, and Pakistan.
Hybrid Cloud Advantage
The global report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organizations studied. Averaging $3.8 million in breach costs, businesses that adopted a hybrid cloud model globally observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average, respectively. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.
The report highlights that 45% of studied breaches around the world occurred in the cloud, emphasizing the importance of cloud security. However, a significant 43% of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs3. Businesses studied in the Middle East, that haven’t start applying cloud security practices suffer from 8.3 million US dollars on the average total cost of a data breach.
Some of the key global findings in the 2022 IBM report include:
- Critical Infrastructure Lags in Zero Trust – Almost 80% of critical infrastructure organizations studied don’t adopt zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. All while 28% breaches amongst these organisations were ransomware or destructive attacks.
- It Doesn’t Pay to Pay – Ransomware victims in the study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.
- Security Immaturity in Clouds – Forty-three percent of studied organisations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organisations with mature security across their cloud environments.
- Security AI and Automation Leads as Multi-Million Dollar Cost Saver – Participating organisations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organisations that have not deployed the technology – the biggest cost saver observed in the study.