New IBM Security Report Reveals Consumers Pay the Price for Costlier and Higher-Impact Data Breaches

Rick has a great interview here:

Limor Kessem, Principal Consultant, Cyber Crisis Management, IBM Security

Background

Cyberattacks have evolved over the past two years into market-moving moments, such as the Colonial Pipeline and JBS Meats attacks that disrupted supply. The impact of this disruption is now being felt in higher prices for goods and services amidst record-high inflation and supply chain strains.

IBM’s 2022 Cost of a Data Breach Report revealed how and why these higher-impact data breachers have influenced the pricing of these goods and services. Through studying 550 breached worldwide organizations, the report found that 60% of these organizations raised their goods or services prices because of the breaches – and 83% of organizations revealed they have also experienced more than one data breach in their lifetime. Cybercriminals have found leverage in these organizations’ critical role in global supply chains, with apparent effects.

Key findings from the 2022 report highlighting the weaknesses in businesses include:

Critical Infrastructure Lags in Zero Trust – Almost 80% of critical infrastructure organizations studied don’t adopt a zero trust strategy – seen widely as a best practice for modern cybersecurity programs. These organizations had average breach costs of $5.4 million – a $1.17 million increase compared to those that applied zero trust. Additionally, 28% of critical infrastructure organizations stated they were victims of ransomware or destructive attacks.

It Doesn’t Pay to Pay – Ransomware victims that opted to pay threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay. However, when including the ransom amount in total breach costs, the financial toll may rise even higher, suggesting that simply paying the ransom is not an effective strategy.

Cloud Security Immaturity – Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 higher breach costs on average than organizations with mature security across their cloud environments.

Security AI and Automation Leads as Multi-Million Dollar Cost Saver – Organizations fully deploying security automation incurred $3.05 million less in breach costs compared to organizations that have not deployed the technology. Overall, security automation was the biggest cost saver observed in the report.

Cybercriminals have found leverage by exploiting security weaknesses within these organizations - and through often-reoccurring breaches and the subsequent impact on supply chains, consumers will continue to be affected throughout 2022 and beyond.