Average cost of data breach surpasses $4 million for many organizations

Beyond the immediate costs of a data breach, almost half of the total costs occur more than a year after the incident, says IBM Security.

A successful data breach is costly to the impacted organization not just in time, resources and reputation but in cold hard cash. In addition to the expense of detecting, mitigating and cleaning up after a breach, there are long-term costs that can plague an organization for months or even years. A report released Wednesday by IBM Security looks at the impact of data breaches on a company’s bottom line.

To create its “Cost of a Data Breach Report 2022,” IBM Security commissioned Ponemon Institute to analyze 550 organizations hit by data breaches between March 2021 and March 2022. With more than 3,600 interviews conducted with individuals across the affected organizations, the goal was to determine the immediate and longer-terms costs of a breach.

Among the organizations analyzed for the research, 85% were the victim of more than one data breach during the 12-month period included in the study. The average cost of a data breach hit an all-time high of $4.35 million this year, a gain of 2.6% from 2021 and 12.7% from 2020. In the United States, the average cost was $9.44 million, the highest amount of any country.

The costs of a data breach can linger as well. Almost 50% of the costs analyzed by IBM Security occurred more than a year after the actual breach. Further, some 60% of the organizations that suffered a breach were forced to pass on the cost by increasing prices to their customers.

Looking at how and why the breaches occurred, 45% of them were cloud-based, 19% of them happened because a business partner was compromised, another 19% were the result of stolen or compromised credentials and 16% were triggered by phishing attacks.

What business leaders can do to avoid data breaches

To help organizations protect themselves against data breaches, IBM Security offers the following tips:

Implement zero trust security 

In the midst of remote and hybrid work conditions and multicloud environments, zero trust can help safeguard sensitive data and other assets by limiting access. Toward that end, employees will want to use security tools that can share information between different systems and centralize your security operations.

Protect data in the cloud by using specific policies and encryption 

To safeguard an organization’s cloud-hosted databases, use data classification schemes and retention programs so IT departments can more easily see and reduce the amount of sensitive data vulnerable to a breach. Use both data encryption and homomorphic encryption to protect sensitive files. Further, using an internal framework for audits can help users gauge security risks, better meet compliance standards and improve the company’s ability to detect and contain a data breach.

Turn to automated security tools 

To improve a business’ security posture, consider the following tools:

1. Security orchestration, automation and response (SOAR)
2. Security information and event management (SIEM) software
3. Extended detection and response (XDR)

All three can help IT departments more quickly respond to security incidents through automation and integration with existing security products. XDR can also lead to lower data breach costs.

Use tools to protect remote endpoints and employees 

Data breaches in which remote work was a factor were more costly to mitigate than those in which it didn’t play a role. For that reason, such tools as Unified endpoint management (UEM), Endpoint detection and response (EDR) and Identity and access management (IAM) can provide a clearer picture into suspicious activity, especially across remote devices and endpoints that your organization doesn’t manage directly. All three can speed up the time required to investigate and respond to a breach as well as isolate and contain it.

Improve security defenses by creating incident response measures. 

One effective way to contain the costs of a data breach is by devising an incident response team and then creating and testing a response plan. To learn how to respond to a breach more quickly, regularly run tabletop exercises or breach scenarios using a simulated environment. Adversary simulation exercises, also known as red team exercises, can help IT departments determine the effectiveness of their response team and detect any gaps in their security capabilities.