The average cost of data breaches is now $4.35 million globally – up 2.6% from the previous year, according to an IBM report released on Wednesday.
The United States was the costliest country for the 12th year in a row, with an average total cost of $9.44 million – up 4.3% from the previous year, with 60% of businesses having to increase their product prices to account for the costs as a result.
2022 Data Breach Report Findings
The report, titled the Annual Cost of a Data Breach, revealed that the biggest causes were compromised credentials (19%), phishing attacks (16%), cloud misconfiguration (15%) and vulnerability in third-party software (13%) – the risk of which can be significantly reduced with password managers and efficient cybersecurity training.
The costliest attack was phishing at $4.91 million, followed by business email compromises ($4.89 million), vulnerability in third-party software ($4.55 million) and compromised credentials ($4.5 million).
The report also revealed that, while the cost of ransomware attacks has declined, the frequency has increased, rising from 7.8% to 11%, meaning that businesses and entrepreneurs need to be more vigilant.
The Businesses Most Financially at Risk
Businesses in the industrial, technology, communication, education, public sector, healthcare and financial service industries were the most financially at risk, with an average cost of $4.82 million paid in data breach costs in 2022 – $1 million more than organizations in other industries. This is partly due to the particularly high costs of the healthcare industry, which had the highest average per-breach cost of $10.1 million overall – up $1.1 million from the previous year.
The report, conducted by the Ponemon Institute, is based on a collection of data breaches from 550 organizations around the world between 2021 and 2022, analyzed by IBM.
The high cost of paying for cybersecurity attacks can be exceptionally damaging to small businesses, yet as our own research found, investment in prevention is often not seen as a priority.
How to Protect Your Business From Breaches
With remote work and hybrid operating businesses increasing, there are a number of steps your business can take to minimize risks.
- Encrypting your internet traffic and masking IPs with virtual private networks (VPNs) is a great way to reduce the risk of malicious activity.
- Using password managers will help reduce the risk of compromised credentials, by providing an extra layer of defense between you and any potential cyber threats.
- The report also suggests organizations that implemented a zero trust architecture shaved an average of $1 million off their total cost in breaches.
- Organizations with an incident response team who regularly tested their incident response plan also saved on average $2.66 million.
For more information on how to improve your cybersecurity, read our top internet safety tips.