According to the latest Cost of a Data Breach report from IBM, the cost for companies that have suffered a data breach has increased in 2022 to $4.35 million. This is up 2.6 percent from last year and up an incredible 12.7 percent from 2020, says AJ Thompson, pictured, CCO at the IT firm Northdoor plc.
Such a marked increase should act as a real warning to companies who have yet to fully appreciate the importance of identifying and closing vulnerabilities within their businesses. It is not just the cost of a breach that is increasing but the level of sophistication that cyber criminals are using in their attacks.
Perhaps one of the most disturbing stats from the report is the huge percentage of companies that have suffered more than one breach. 83 percent of organisations have been impacted by more than one breach, and this of course comes at a cost to the customer. Companies hit by a breach have had to pass the associated cost on to customers, with 60 percent reporting that they had increased the price of goods and services.
At a time when the cost of living keeps rising and inflation continues to increase, companies that suffer a data breach are being impacted more than ever before. This is something that cybercriminals are very aware of. Over the past three years we have seen cybercriminal gangs upping their efforts to take advantage of global events including the pandemic, the war in Ukraine and the resulting economic crisis.
Ransomware and destructive attacks
One of the main tactics used by cybercriminals is ransomware. This type of attack has been responsible for some of the most high-profile data breaches over the course of the last year. It remains more expensive than the average breach: although down slightly from last year, it still comes in at $4.54 million per attack.
Perhaps more worryingly, the share of breaches caused by ransomware has grown since last year, up from 7.8 percent in 2021 to 11 percent in 2022, a growth rate of 41 percent. This points to a real issue for businesses. Whilst any data breach is bad enough, ransomware attacks cost more, tend to be used in association with some of the most sophisticated attacks (such as social engineering) and also have a huge impact on the reputation of a company, to say nothing of the regulatory consequences.
Among these rather worrying stats there is cause for some optimism over the next few months. It seems that some of the new tactics being implemented by many companies are having an effect on the success of cybercriminals and the impact of a breach. For example, more companies than ever are implementing a zero-trust approach to their cybersecurity. Zero-trust is where nothing inside or outside the corporate network is taken at face value. It wraps layered, proactive, AI-powered security around every user and every element in your infrastructure.
The share of organisations deploying zero-trust architecture grew from 35 percent in 2021 to 41 percent in 2022. The 59 percent that did not deploy zero-trust incurred on average $1 million more in breach costs. Companies with mature zero-trust deployments in place saw even better savings, with costs on average about $1.5 million lower than those of organisations at the initial stages of zero-trust.
Use of security AI
As with those companies implementing AI-powered zero-trust policies, the use of other AI and automated solutions has also risen, with 70 percent now using such software, marking an 18.6 percent growth rate from 2020. For those who had fully deployed AI and automation technology there was a significant reduction in breach costs. They had $3.05 million less in costs compared to organisations with no AI or automation.
The ROI is very clear from this stat. Taking the responsibility away from one or two individuals within an organisation and automating the process means that an organisation is less likely to be breached and more likely to remain in line with regulation.
Skills gap remains
It is clear that the implementation and management of zero-trust and other AI and automated solutions are having a real impact on a business’s ability to fight off a cyber-attack, or to keep costs and consequences as low as possible if a criminal does get through. However, for companies with small or even no internal IT teams, identifying, implementing and managing such solutions is a daunting if not impossible task. This is backed up by the report, with just 38 percent of organisations believing that their security team was sufficiently staffed. This skills gap was associated with data breach costs that were $550,000 higher for understaffed organisations than for those with sufficiently staffed teams.
However, this isn’t all bad news for those who cannot employ a full team. Many are turning to IT consultancies that have the experience and expertise to advise on the most appropriate cyber defences and then implement and manage them. This allows smaller in-house IT teams to focus on other critical business functions, whilst having peace of mind that security is in the hands of a proactive and expert team.