Healthcare organizations saw average cost per breach at $10.1 million, more than double the global average.

The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches.

The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022.

According to the report, about 83% of the organizations have experienced more than one breach in their lifetime, with nearly half of the costs reported to be incurred more than a year after the breach.

Cloud and critical infrastructure remain at high risk

The report revealed that ransomware and destructive attacks represented 28% of breaches among critical infrastructure organizations studied, indicating that threat actors are specifically targeting the sector to disrupt the global supply chain. The critical infrastructure sector includes financial services, industrial, transportation, and healthcare companies.

The report also noted that in the US, even a year after the Biden administration issued a cybersecurity executive order mandating federal agencies to adopt a zero-trust security model, only 21% of critical infrastructure organizations surveyed have done so, raising costs by $1.17 million for those who did not. Seventeen percent of the critical infrastructure breaches were caused by a business partner being initially compromised.

Cloud computing infrastructure is an even easier target because of the security immaturity it suffers, according to the report.
“Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments,” it added.

Hybrid cloud, however, has offered a silver lining in digital transformation as organizations adopting hybrid clouds (45%) have witnessed lower breach costs than the ones with a solely public or private cloud model, according to the report. While the breach cost for hybrid cloud averaged $3.8 million, public clouds recorded $5.02 million and private clouds recorded $4.24 million in breach costs.

Overall, 45% of the breaches occurred in the cloud, making cloud architecture the most sought-after target. Forty-three percent of the organizations said they are either still in the early stages or have not started implementing security solutions to protect their cloud infrastructure.

While compromised credentials were the leading cause of data breaches among companies surveyed (at 19%), phishing—in second place at 16%—has emerged as the costliest, leading to $4.91 million in average breach costs for responding organizations, the report underlined.

Healthcare sector hit hardest by breach costs

Healthcare has been for the last 12 years, and continues to be, the industry hit hardest by the cost of breaches, with average costs per breach increasing by $1 million to a record total of $10.1 million.

According to the report, businesses that paid threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay—not including the ransom amount paid.
However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs—all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts. Organizations suffering data breaches could also be looking at costs of federal offenses.

Among concerning factors, 62% of the surveyed organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed. Implementing security AI and automation has helped reduce costs by $3.05 million on average, the report added.