It is well known that the volume of security incidents has been growing steadily for some years now. The cybercrime industry is experiencing a golden age that, unfortunately, shows no sign of exhaustion. In the short and medium term we can be sure that the figures will continue to grow and that every day we will face new threats added to those that already exist, creating a situation of insecurity that requires taking as many measures as are in our hands.
An argument that, surprising as it may be, is still heard today to excuse not adopting these measures is their cost. And it is of little or no use that the cybersecurity sector diversifies its catalog of solutions to adapt to all types of budgets: even so, we continue and will continue to see companies that decide not to make that investment.
For this reason, to combat this attitude that, although reduced, is still present today, reports such as the Cost of a Data Breach, published annually by IBM, are useful. In addition to a complete x-ray of the current situation with regard to the security breaches that affect companies, it compiles all the information needed to offer some very clear and forceful metrics, such as the average cost faced by the companies that have suffered them during this year.
And if the number of threats has grown, the same can be said of their cost, whose average is quantified by IBM at 4.35 million dollars, an absolute record compared to previous years. To arrive at this figure, the IBM report is based on an in-depth analysis of real-world data breaches experienced by 550 organizations worldwide between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.
This report has become a leading reference tool, providing IT, risk management, and security leaders with insight into the factors that tend to increase, or help mitigate, the cost of data breaches.
- The average cost of a data breach increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022. The average cost increased 12.7% from $3.86 million in the 2020 report.
- The proportion of organizations implementing Zero Trust grew from 35% in 2021 to 41% in 2022. Organizations not implementing Zero Trust incurred an average of $1 million more in breach costs compared to those implementing Zero Trust.
- Stolen or compromised credentials were responsible for 19% of breaches. Phishing was responsible for 16% of breaches. Cloud misconfiguration caused 15% of breaches.
- Breaches that occurred in a hybrid cloud environment cost an average of $3.80 million. This figure compares with $4.24 million for breaches in private clouds and $5.02 million for breaches in public clouds.
Some sectors are affected much more than others, although not a single one can relax and consider itself free of risk. A clear example of the most threatened is the health sector, in which the average cost of a security breach is 10.1 million dollars, an increase of 42% compared to that calculated just two years ago, for the 2019-2020 financial year.
The persistence of cyberattacks is also shedding light on the “chaser effect” data breaches are having on businesses, as the IBM report reveals that 83% of organizations studied have experienced more than one data breach. Another factor that increases over time is the after-effects of attacks on these organizations, which linger long after they occur, with nearly 50% of incident costs occurring more than a year after the breach.
And what is the report referring to when it talks about the impact of cyberattacks on the cost of living? In the same report we can verify that, in many cases, the companies affected by the attacks have been forced to increase the price of their products and services in order to cover the extraordinary costs caused by those attacks.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.