Dive Brief:
- The global average cost of a data breach hit an all-time high of $4.35 million this year, but for companies operating in the U.S. — and those involved in critical infrastructure — the costs are even higher, according to an IBM Security report.
- American companies have the distinction of paying the highest price for data breaches at an average cost of $9.4 million, IBM said in its annual Cost of a Data Breach report.
- Cloud-based services were at fault for 45% of the data breaches that occurred during the 12-month period leading up to March 2022 and across the 550 organizations IBM studied.
Dive Insight:
Data breach aftermath often pushes businesses off-course. Most enterprises hit by data breaches pass costs associated with those intrusions on to their respective customers, the report said.
Six out of 10 organizations that suffered a data breach increased prices on products and services sold to their customers, an indication that data breach costs extend beyond the targeted victim and likely continue downstream.
Rising costs and spreading fallout are no surprise considering other conclusions drawn by IBM Security, which commissioned Ponemon Institute to conduct the research.
Almost half of all data breaches occurred in the cloud and 43% of the organizations said they had not started or were in early stages of applying cloud security practices. Organizations with more security measures in place recovered quicker and paid a lower average cost per breach, according to IBM.
Nearly four out of five organizations in critical infrastructure industries have yet to deploy zero trust strategies. Moreover, companies in critical infrastructure paid an average cost of $1 million more than organizations in other markets — $4.8 million compared to $3.8 million, the report said.