Healthcare organizations saw average cost per breach at $10.1 million, more than double the global average.

The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches.

The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. According to the report, about 83% of the organizations have experienced more than one breach in their lifetime, with nearly half of the costs reported to be incurred more than a year after the breach.

Cloud and critical infrastructure remain at high risk

The report revealed that ransomware and destructive attacks represented 28% of breaches among critical infrastructure organizations studied, indicating that threat actors are specifically targeting the sector to disrupt the global supply chain. The critical infrastructure sector includes financial services, industrial, transportation, and healthcare companies.

The report also noted that in the US, even a year after the Biden administration issued a cybersecurity executive order mandating federal agencies to adopt a zero-trust security model, only 21% of critical infrastructure organizations surveyed have done so, raising costs by $1.17 million for those who did not. Seventeen percent of the critical infrastructure breaches were caused by a business partner being initially compromised.

Cloud computing infrastructure is an even easier target because of the security immaturity it suffers, according to the report.
“Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments,” it added.

Hybrid cloud, however, has offered a silver lining in digital transformation, as organizations adopting hybrid clouds (45%) have witnessed lower breach costs than the ones with a solely public or private cloud model, according to the report. While the breach cost for hybrid cloud averaged $3.8 million, public clouds recorded $5.02 million and private clouds recorded $4.24 million in breach costs.

Overall, 45% of the breaches occurred in the cloud, making cloud architecture the most sought-after target. Forty-three percent of the organizations said they are either still in the early stages or have not started implementing security solutions to protect their cloud infrastructure.

While compromised credentials were the leading cause of data breaches among companies surveyed (at 19%), phishing—in second place at 16%—has emerged as the costliest, leading to $4.91 million in average breach costs for responding organizations, the report underlined.

Healthcare sector hit hardest by breach costs

Healthcare has been for the last 12 years, and continues to be, the industry hit hardest by the cost of breaches, with average costs per breach increasing by $1 million to a record total of $10.1 million.

According to the report, businesses that paid threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay—not including the ransom amount paid.
However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs—all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts. Organizations suffering data breaches could also be looking at costs of federal offenses.

Among concerning factors, 62% of the surveyed organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed. Implementing security AI and automation has helped reduce costs by $3.05 million on average, the report added.