Consumers are feeling the impact of record data breach costs, IBM says

27 Jul 2022

Image: © weerapat1003/Stock.adobe.com

IBM said 60pc of organisations raised their product or service prices due to a data breach.

Consumers are feeling the effects of data breaches as the average cost of a breach has reached a record high of $4.35m, according to the latest IBM Security report.

The report suggests data breach costs have increased by nearly 13pc over the last two years. It also highlights the lingering impact these breaches can have, as nearly 50pc of the costs are incurred more than a year after the breach.

Rising costs are also causing impacts for consumers, as 60pc of surveyed organisations raised their product or service prices due to a data breach. IBM noted that this is occurring at a time when the cost of goods is soaring worldwide amid inflation and supply chain issues.

Compromised credentials continued to be the most common cause of a breach, standing at 19pc. This was followed by phishing at 16pc, which was also the most costly cause of a breach, leading to $4.91m in average breach costs for responding organisations.

IBM’s report last year noted that the rapid shift to remote working and operations during the pandemic had an impact on the average cost of a data breach.

Critical infrastructure impact

IBM found that ransomware and destructive attacks represented 28pc of breaches among critical infrastructure organisations studied. This includes companies in financial services, industry, transport and healthcare.

Despite the risks that a data breach poses for these organisations and global warnings about cyberattacks in this space, only 21pc of critical infrastructure organisations studied have adopted a zero-trust security model.

IBM said 17pc of critical infrastructure breaches were caused due to a business partner being compromised first.

Healthcare in particular is facing the pressure of rising data breach costs. This sector saw the highest-cost breaches for the 12th year in a row. Average data breach costs for healthcare organisations increased by nearly $1m to reach a record high of $10.1m.

A report last month by cybersecurity firm Rapid7 found that financial data is leaked most often from ransomware attacks, followed by customer or patient data.

It doesn’t pay to pay

In cases of ransomware attacks, paying a ransom is generally not advised by cybersecurity experts. IBM’s report suggests that companies do not feel benefits if they choose to pay the demands of a ransomware attacker.

The report found businesses that paid ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay, not including the ransom amount.

However, when accounting for the average ransom payment – estimated to be $812,000 in 2021 – the report suggests businesses that pay could net higher total costs, while also potentially funding future cyberattacks.

Hybrid cloud advantage

IBM found that businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model.

Hybrid cloud environments were also the most prevalent infrastructure among studied organisations, at 45pc.

The report highlighted that 45pc of studied breaches occurred in the cloud, emphasising an importance of cloud security. However, 43pc of organisations in the report stated they are only in the early stages or have not started implementing security practices to protect their cloud environments.

More than 60pc of studied organisations said they are not sufficiently staffed to meet their security needs. These organisations averaged $550,000 more in breach costs than those that said they are sufficiently staffed.

“The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases,” said IBM Security X-Force global head Charles Henderson.

“This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com