Content, Content, Ransomware

IBM Ties Data Breach Costs to Supply Chain Disruption, Rising Prices

BARCELONA, SPAIN – FEBRUARY 26:  A logo sits illumintated outside the IBM booth on day 2 of the GSMA Mobile World Congress 2019 on February 26, 2019 in Barcelona, Spain. The annual Mobile World Congress hosts some of the world’s largest communications companies, with many unveiling their latest phones and wearables gadgets like foldable...

Costly data breaches may be linked to global supply chain shortages and rising prices that have plagued the market in the last year for goods and services, IBM suggested in a new study of some 550 organizations.

The global average cost of a data breach reached a record high of $4.35 million for the organizations surveyed in IBM’s 2022 Cost of a Data Breach report. And with breach costs increasing nearly 13% over the last two years of the report, the data also showed that 60% of studied organizations raised their product or services prices due to the breach.

And, in what IBM called the “haunting effect” of data breaches, more than eight in 10 companies were hit by more than one breach and nearly 50% of breach costs are incurred more than a year after the breach.

Average Cost of Data Breach Hits $5.4 Million

Here are some primary findings from the report:

  • Almost 80% of critical infrastructure organizations don't deploy zero trust, seeing average breach costs rise to $5.4 million, a $1.17 million increase compared to those that do.
  • Ransomware victims in the study that opted to pay threat actors' ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay, not including the cost of the ransom.
  • 43%t of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than organizations with mature security across their cloud environments.
  • Participating organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology, the biggest cost saver observed in the study.
  • Businesses that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average, respectively.
  • While compromised credentials are the most common cause of a breach (19%), phishing was the second (16%) and the costliest cause, leading to $4.91 million in average breach costs for responding organizations.
  • For the 12th year in a row, healthcare participants saw the costliest breaches among industries, with average breach costs in healthcare increasing by nearly $1 million to reach a record high of $10.1 million.
  • 62% of studied organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed.

Beating Attackers to the Punch

Of particular note, IBM pointed to a conundrum regarding victims’ meeting ransomware hijackers’ payment demands to unlock their systems. In the short term, businesses that paid threat actors' ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay. But that figure does not include the ransom amount paid. When including the ransom payment, which can top $800,000, the net is businesses that pay the ransom tithe inadvertently fund future ransom attacks with capital that could be allocated to remediation and recovery.

Charles Henderson, global head of IBM Security X-Force, issued a challenge to businesses:

"Businesses need to put their security defenses on the offense and beat attackers to the punch. It's time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases."

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.