Partner content
Average data-breach costs soar to $4.4 million in 2022
Sixty percent of breaches have resulted in companies recouping the cost of fines, clean-up, and technological improvements by increasing prices, essentially making consumers pay for breaches and companies’ lack of preparedness, according to an annual report published on July 27.
The “Cost of Data Breach Report 2022” report, based on a survey of executives and security professionals at 550 companies, says the average cost of a data breach continued to rise in 2022, reaching an average of $4.4 million globally (up 13% since 2020) and $9.4 million in the United States. On average, companies required 277 days to identify and contain data breaches, down from 287 days in 2021, and 83% of companies had suffered more than one breach.
“It is clear that cyberattacks are evolving into market stressors that are triggering chain reactions, [and] we see that these breaches are contributing to those inflationary pressures,” says John Hendley, head of strategy for IBM Security’s X-Force research team. “We have to think about cyber events as factors that are capable of straining the economy, similar to COVID, the war in Ukraine, gas prices, all of that.”
The annual report, based on surveys conducted by the Ponemon Institute, is not the first attempt to gauge the impact of breaches on businesses’ balance sheets. Last year, a survey by security-operations firm IronNet found that most companies were affected by the supply chain attack on network management firm SolarWinds, with the average firm seeing an 11% drop in revenue due to dealing with the incident.
Overall, experts estimated that the incident would cost SolarWinds about $18 million but would cost the 18,000 affected businesses and government agencies as much as $100 billion in clean-up costs.
A “Cyber Tax” on Consumers
While cybersecurity experts have increasingly urged companies to count on having their systems compromised, they continue to have problems stopping attackers, and they are passing costs onto consumers, Hendley notes. This suggests that data breaches and cyberattacks are creating a cyber tax, he argues, increasing costs for downstream consumers and clients.
“When you think about the fact that 83% of businesses have been breached at least once in their lifetime, I think it becomes difficult to say that we need to apply punitive damages to help prevent breaches,” Hendley says. “There is always going to be a way in, so I think the best investment that we can have is to try to shift the line from protecting the perimeter to thinking like the attacker.”
To read the complete article, visit Dark Reading.
