Data breaches are slightly more expensive, but the period over which companies are paying for that damage is growing. And the big losers in this scenario are consumers, who are seeing increased costs from this data theft on top of inflation and supply chain issues. Those are the findings of IBM’s most recent Cost of Data Breach report, which surveys over 550 companies around the world to determine how much damage cyber incidents are doing and where trends are going.
Cost of data breaches increasingly paid a year or more after incidents
The new Cost of Data Breach report finds that the average total damage from a breach is only up slightly from the 2021 numbers, moving from $4.24 million to $4.35 million. But organizations are increasingly realizing these costs a year (or more) after the incident, with the biggest expenses coming in the form of fines from governments and lawsuits from consumers who were negatively impacted. Long-term reputational damage is also a consideration.
While the cost of data breaches remained relatively stable from year to year, it has spiked over 10% from the last report issued in the pre-pandemic period. More organizations are also being breached, with 83% saying they have experienced at least one incident at this point. And as the cost of data breaches increases, 60% of organizations are now making consumers absorb at least some of the expense in the form of higher prices.
Can the cost of data breaches be controlled?
The good news in the report is that there clearly are ways to mitigate the cost of data breaches. The bad news is that most organizations are not yet doing what needs to be done.
Fewer than half of all organizations have a cloud security program that has moved beyond the “early stages” of development, and half again of that amount have adopted a zero trust approach to internal security. The companies that are making these moves, particularly those that are implementing automated security and AI, are the only ones coming out of these incidents with minimal damage.
Implementation of AI-based security tools that “deep learn” is knocking the average cost of data breaches from over $4 million to just a little over $1 million. Other factors that substantially reduce data breach cost are adequate security staffing, development and regular testing of incident response plans, and mature cloud security programs.
These cost-saving measures are particularly important for certain industries that are being hit the hardest. At the top of that list is the healthcare industry, which sees an average data breach cost of over $10 million. This is attributed to industry-wide reticence to put money into cybersecurity budgets, common use of outdated internet-connected equipment, struggles to maintain adequate IT staff and the very high sensitivity of the data that they handle.