IBM recently released its Cost of a Data Breach Report for 2022. It’s a helpful resource that offers IT, risk management, and security leaders insight into the year’s trends surrounding data breaches: where they happen, how they happen, what kinds of organizations they happen to, and the costs to recover from one.
IBM Security looked at hundreds of organizations in various industries all over the world affected by data breaches. They interviewed almost 4,000 people and asked questions about the short and long-term consequences of suffering a security breach and other details. Below is a brief summary of key findings in the report as well as some other data we found so you can get an idea of cyber attacks on a global scale.
At a Glance
- 83% of organizations had more than one breach.
- 60% of organizations’ breaches resulted in increased prices passed on to customers.
- The average cost of a data breach is $4.35 million.
- The average cost of a data breach in the United States is $9.44 million — the highest in the world.
- 45% of breaches occurred in the cloud.
- Stolen or compromised credentials cause 19% of breaches.
- The healthcare industry had the highest average cost for a breach for 12 years.
- Over 680,000 healthcare breaches in 2021 resulted in close to 45 million healthcare records being compromised.
- The DevSecOps Market is worth USD $23.16 billion globally.
Healthcare, financial, and pharmaceutical industries have the most costly data breaches. The average breach costs in the healthcare industry reached $10.10 million. The financial sector came in second place with $5.97 million in costs. More than 60% of organizations that experience a breach pass the cost to customers.
Common Attack Vectors
The report also showed that compromised credentials (19% of breaches), phishing (16%), and cloud misconfiguration (15%) are the top three attack vectors preferred by attackers. But phishing tops the list as the most expensive type of attack, costing businesses nearly $5 million for every breach.
Cyber Attacks Around the World
The countries and regions with the highest breach cost are the United States at $9.44 million, the Middle East at $7.46 million, Canada at $5.64 million, the United Kingdom at $5.05 million, and Germany at $4.85 million. Brazil had the fastest growth — a 28% increase from $1.08 million to $1.38 million.
Breaking It Down: Country-by-Country
The IBM report provides statistics and information for several countries, and we also added information for a few regions with particularly active DevSecOps communities.
The United States
Security vulnerability detection and escalation costs increased by over 16% from 2021, reaching $1.44 million in 2022. The average cost of a data breach was $9.44 million in 2022.
The most common initial attack vector in 2022 was stolen or compromised credentials, accounting for 19% of breaches at an average cost of $4.5 million. In 2022, healthcare was the highest-cost industry for the 12th year. The average cost of a breach in healthcare increased from USD 9.23 million in the 2021 report to USD 10.10 million in 2022, an increase of USD 0.87 million or 9.4%.
Over 85% of Italian organizations were subject to at least one successful attack within 12 months and the average cost of a data breach was $3.74 million in 2022.
Over 60% of organizations in Italy dealt with ransomware attacks. At the end of March 2021, Italian menswear brand Boggi Milano was hit by hackers who stole 40 GB of data. According to the CyberEdge 2021 CDR Report, 12.3% of IT budgets are spent on security. Italy has issued 83 GDPR-related fines. One of the biggest fines to date was issued by Italy’s data protection supervisory authority against a telecommunications operator.
Colombia has accelerated its digitization process, but digital security has become a challenge due to the fast pace of the country’s digital transformation. Colombian companies have invested significantly in cybersecurity and are implementing IT security policies to prevent cyber-attacks.
Businesses in Spain are no strangers to cyber attacks. The VMware Spain Security Insights Report 2021 found that 75% of Spanish cybersecurity professionals say attacks are getting more sophisticated and more frequent.
Over 90% of Spanish companies suffered a security breach in the past 12 months, and a fifth experienced negative financial implications. The top causes of cyber breaches in Spain are outdated security technology, inefficient processes, reliance on third-party applications, and operating system vulnerabilities. Spanish organizations allocate 11.9% of their IT budget to security.
Data encryption was prevented in around a quarter of all attacks. The Sophos State of Ransomware Report 2022 reported that Spanish companies used encryption to stop 26% of attacks. Over 350 GDPR-related fines have been issued in Spain. Spanish organizations spend 22% of their IT budget on cyber security. But there’s arguably room for improvement. The SEPE (the Spanish government labor agency) was the subject of a data breach in March 2021 that halted work in hundreds of offices across the country.
Mexico experienced an uptick in cyberattacks after COVID-19 in 2020. In fact, over a third of the 41 billion cyberattacks in Latin America occurred in Mexico. It’s a major e-commerce market with online payment platforms that introduce vulnerabilities.
While Mexico’s lack of structured cybersecurity laws restrains the growth of the Mexico cybersecurity market, several major consulting firms have announced expansions into the country.
Digital access has increased in Peru, and so has the need for data security. About 32% of organizations in Peru reported experiencing cyber attacks. There’s significant room for growth, with only 65% of organizations in Peru allocating between 1% and 5% of the IT budget for cybersecurity. A mere 18% have a budget of more than 10%.
In recent years, Peru ranked fourth in cyber attacks in Latin America after Brazil, Mexico, and Colombia. Technology, education, and health were the most affected industries. Recently, hackers leaked the personal information of Peruvian Congress workers. Attackers also stole nearly 10 GB of data from the Peru MOF, the agency responsible for national, military, and police intelligence and counterintelligence.
The need for data security has increased all over the world and Ecuador is no different. In 2019, detailed information for every person in Ecuador was leaked online in a major data breach.
The Department for Digital, Culture, Media, and Sport (DCMS) commissioned the Cyber Security Breaches Survey of UK businesses, charities, and educational institutions as part of the National Cyber Security Programme.
According to the Survey, during the last 12 months, 39% of UK businesses identified a cyber attack. The most common threat was phishing attempts (83%). About 20% of organizations experienced a negative outcome as a result of a cyber attack. The UK government maintained a list of recent data breaches and reported that 97 million records were breached in August 2022 alone.
The National Consumer Service (SERNAC) is the public service in Chile that is responsible for safeguarding and promoting consumer rights. Both the country’s consumer protection agency and judicial system were hit by attacks.
Germany has one of the world’s largest economies, which makes it a target for attacks. Recently, Germany’s Federal Criminal Police Office (Bundeskriminalamt or BKA) published an annual “Situation Report” summarizing Germany’s primary cyber threats.
According to the BKA, phishing and vulnerabilities are the most common attack vectors, and the financial services industry sees the most phishing attempts. German companies spend nearly 11% of their IT budget on security, up 3% from 2021.
The average cost of ransomware attacks in Germany was more than $1.73 million and 46% of organizations paid the ransom to get their data back. The country even saw the first death by ransomware in 2021 when a woman from Düsseldorf was rushed to a hospital 19 miles away after a ransomware attack targeted her local hospital in Düsseldorf, preventing her from being processed. Unfortunately, the woman died.
Data breaches are a problem in France, and although the government is focused on the issue, there’s a long way to go before the country is in a similar position to its neighbors. Companies in France allocate around 10% of their IT budget to security initiatives.
Sophos’s The State of Ransomware Report 2022 states that 73 percent of French organizations were hit by ransomware in 2022. Only 27 GDPR fines have been issued in France, but the third largest was handed out there when the country’s data protection supervisory authority issued Google a €90 million fine. The IBM Cost of a Data Breach Report 2022 reveals how much companies lost due to data breaches in 2022. On average, French organizations spent $4.34 million on a breach.
Better, More Widespread Solutions Are the Answer
Data breaches cost billions every year, and it’s a global problem. The reports from IBM and others underscore the extent of the issue and bring attention to the need for better ways to promote the security of industries and organizations, as well as more widespread adoption of security best practices.
Kiuwan’s advanced cybersecurity services include robust tools, like software composition analysis (SCA) and static application security testing (SAST), that analyze and identify potential vulnerabilities in code security. Our products provide extensive and digestible reviews of every step in the software supply chain, and deploy powerful solutions to counteract the most common cybersecurity threats. Contact Kiuwan for a free demo.
You can get access to the full IBM report here. Stay tuned for more security tips and tricks as part of #CybersecurityAwarenessMonth!