Cybersecurity Report: Average Data Breach in U.S. Costs $9.4 Million

Cybercriminals are attacking organizations of all sizes and across all industries. However, the sophistication of cyberattacks varies based on an organization's size and vertical, according to the 2022 Compromise Flashcard report from continuous compromise assessment provider Lumu Technologies.

Phishing Attacks Commonplace

Phishing attacks are common problems for small, medium and large organizations, the Lumu report indicated. Cybercriminals most frequently launched phishing attacks against organizations across the following industries:

  • Small Organizations. Education (32.7%) was the top sector targeted during phishing attacks, followed by healthcare (32.5%) and retail (31.5%).
  • Medium Organizations. Hospitality (39.4%) was most commonly targeted during phishing attacks, followed by healthcare (36.6%) and energy and utilities (34%).
  • Large Organizations. Insurance (52.3%) was the most targeted industry during phishing attacks, followed by consulting (52.2%) and energy and utilities (50.9%).

Among all industries across organizations of all sizes, the professional sector (19.3%) was most frequently affected by data breaches, the Lumu report shows. Other industries frequently affected by data breaches included the public administration (15.1%) and information (13.9%) sectors.

Data Breach Costs Are Increasing in the United States

Lumu's report also highlights the rising costs of data breaches and some of the most common cyber threats affecting today's organizations, reflected in the following results:

  • The average cost of a data breach in the United States totaled $9.4 million in 2022, up from $9 million in 2021 and $8.6 million in 2020.
  • On average, it takes an organization 201 days to detect a security compromise and 271 days to identify and contain a data breach.
  • Conficker was the most active malware family identified by Lumu, followed by Necurs and Suppobox.
  • 59% of organizations said they detected malware on their corporate devices, and 50% noted they monitor their roaming devices.

There is "no one-size-fits-all solution" to cybersecurity, Lumu points out. To address cyberattacks, organizations must have visibility into cyber threats and understand the risks associated with them. That way, organizations can take appropriate steps to guard against cyber threats and optimize their security posture.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.