The annual global Cost of a Data Breach Report from IBM Security revealed more expensive and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for surveyed organizations.
With breach costs increasing by nearly 13% over the last two years of the report, the findings indicate that these incidents may also be contributing to rising goods and services costs. In fact, 60 percent of the organizations studied globally raised their product or service prices as a result of the breach, despite the fact that the cost of goods is already rising globally due to inflation and supply chain issues.
The pervasiveness of cyberattacks is also shedding light on the “haunting effect” data breaches have on businesses, with the IBM report revealing that 83% of studied organizations globally have experienced more than one data breach in their lifetime. Another factor that has been increasing over time is the aftereffects of breaches on these organizations, which last for a long time after they occur, with nearly half of breach costs incurred more than a year after the breach.
The most expensive breaches in the Middle East are frequently committed by a malicious insider and can cost up to $9.6 million USD. Physical security breaches, stolen credentials, phishing attacks, and cloud misconfigurations pale in comparison to this initial attack vector. The report did, however, highlight a year-on-year improvement in the Middle East organizations’ ability to detect and contain data breaches more quickly and effectively.
The 2022 Cost of a Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 550 organizations worldwide between March 2021 and March 2022, 31 of which are from the Middle East. The Ponemon Institute conducted the research, which was sponsored and analyzed by IBM Security.
“Businesses need to put their security defenses on the offense and beat attackers to the punch. It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.” said Charles Henderson, Global Head of IBM Security X-Force. “This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked.”
Over-trusting Critical Infrastructure Organizations
Concerns about the targeting of critical infrastructure appear to have grown in the last year, with many governments’ cybersecurity agencies urging vigilance against disruptive attacks. Indeed, according to IBM’s report, ransomware and destructive attacks accounted for 28% of global breaches among critical infrastructure organizations studied, highlighting how threat actors are attempting to disrupt the
global supply chains that rely on these organizations. Among these are financial services, industrial, transportation, and healthcare firms.
Despite the warning, only 21% of critical infrastructure organizations studied globally use a zero trust security model, according to the report. Furthermore, 17 percent of global breaches at critical infrastructure organizations were caused by an initial compromise of a business partner, highlighting the security risks that overly trusting environments pose.
“As organizations in the Middle East make great strides in digitization across every major sector, it’s essential that these carefully crafted national visions are safeguarded with the right security capabilities, including the adoption of Zero Trust strategies. The more we resist the idea of Zero Trust, the more we’ll see higher impact breaches that aren’t identified and contained quickly,” said Wael Abdoush, General Manager for IBM Gulf, Levant, and Pakistan.
Hybrid Cloud Advantage
The global report also identified hybrid cloud environments as the most common infrastructure (45 percent) among the organizations studied. Businesses that adopted a hybrid cloud model globally experienced lower breach costs, averaging $3.8 million, compared to businesses that used only public or private cloud, which experienced $5.02 million and $4.24 million, respectively. In fact, hybrid cloud adopters studied were able to detect and contain data breaches 15 days faster on average than participants globally (277 days).
The report emphasizes the importance of cloud security by stating that 45 percent of studied breaches worldwide occurred in the cloud. However, 43 percent of reporting organizations stated that they are only in the early stages of implementing security practices to protect their cloud environments, resulting in higher breach costs3. Businesses in the Middle East that have yet to implement cloud security practices face a total cost of 8.3 million US dollars on average for a data breach.
Some of the key global findings in the 2022 IBM report include:
· Critical Infrastructure Lags in Zero Trust – Almost 80% of critical infrastructure organizations studied don’t adopt zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. All while 28% breaches amongst these organizations were ransomware or destructive attacks.
· It Doesn’t Pay to Pay – Ransomware victims in the study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.
· Security Immaturity in Clouds – Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their
cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments.
· Security AI and Automation Leads as Multi-Million Dollar Cost Saver – Participating organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.
