IBM’s 2022 Data Breach Report, New Global Findings
On July 27, 2022, prominent technology company International Business Machines Corporation (IBM) released its annual Cost of a Data Breach Report. Much like similar reports from other major companies, such as ForgeRock’s Consumer Identity Breach Report 2022, IBM’s data breach report provides consumers and business owners alike with a variety of statistics and metrics detailing the security breaches that have taken place thus far in 2022, as well as those that took place in the previous calendar year, with the goal of raising awareness of cybersecurity. To this point, the 17th installment of IBM’s data breach report covers the myriad factors that have caused the costs associated with data breaches to increase significantly in recent years, as businesses around the world have struggled to contend with cybercriminals that look to steal personal information on a daily basis.
One of the key findings from IBM’s report is that the average cost of managing a data breach around the world in 2021 was $4.8 million. As 2021 saw the most data breaches that had ever occurred in U.S. history, it is understandable that the cost of managing such incidents continues to rise every year. To this end, the study also revealed that the cost of dealing with a data breach has risen by 12.7% since 2020, from $3.6 million. On top of this, the report found that 83% of all businesses and organizations across the globe that experienced a data breach in the past year had experienced such events previously, with only 17% of such entities claiming to have sustained a data breach for the first time. That said, the manner in which a data breach affects a particular business is largely dependent on the industry in which it operates.
The healthcare industry
Another key finding unveiled in IBM’s report is that the cost of managing a data breach that occurs in a healthcare setting or facility continues to be substantially higher than dealing with the same events in other business settings. More specifically, the report states that the U.S. healthcare industry has had the highest average cost of dealing with a data breach for 12 consecutive years. Likewise, the report also notes that the average cost of managing a data breach that occurs within a healthcare setting in the U.S. is currently $10.10 million. This represents a whopping 41% increase from 2020 alone, when the average cost was $5.97 million. For comparison, IBM’s report states that the two closest competitors in this field were the pharmaceutical and technology industries, where the cost of dealing with a breach is still less than 50% of what such events cost the healthcare industry, at $5.01 million and $4.97 million, respectively.
Data breach costs by country
While major companies such as ForgeRock and IBM that produce data breach reports will undoubtedly poll and obtain information from varying sources, one statistic that was set forth in both studies rings true: the cost of dealing with a data breach in the U.S. is higher than in any other country in the world. IBM’s report states that the average cost of dealing with a data breach in the U.S. is currently $9.44 million, while ForgeRock reported this number at $9.5 million. Much like healthcare breaches that take place within the U.S., 2022 is also the 12th consecutive year in which the U.S. was the most expensive country in which to manage a security breach. For context, the two regions that were closest to the U.S. in terms of average costs were the Middle East at $7.46 million, and Canada at $5.64 million.
Security AI and automation
A fourth key finding established in IBM’s data breach report is that breaches at businesses and organizations around the world with “fully deployed security AI and automation cost USD 3.05 million less than breaches at organizations with no security AI and automation deployed. This 65.2% difference in average breach cost — between USD 3.15 million for fully deployed versus USD 6.20 million for not deployed — represented the largest cost savings in the study.” Furthermore, the study also found that the use of AI and automation for the purpose of curtailing data breach incidents has risen by 20% in the last two years alone, from 59% to 79% in 2022. These numbers are indicative of the ways in which technological solutions can be effectively implemented to mitigate and ultimately reduce the occurrence of data breaches within a particular business or organization.
To illustrate this point further, many businesses will retain the information of their numerous customers after certain transactions or exchanges are made, be it for legal reasons, to obtain a greater level of insight into the wants and needs of said customers, or for other reasons. Nevertheless, this information can also put a business at risk of experiencing a data breach if it is not safeguarded correctly. As such, one technological solution that can be used to avoid such circumstances is automatic redaction software. These software programs give users the ability to remove personal data from a wide variety of mediums, including PDF documents, audio files, email messages, and video recordings, in addition to many others. What’s more, the cost of purchasing such software is far lower than the costs that a business may incur when a data breach occurs.
Despite the damage that data breaches bring to both customers and businesses, they have become an inevitable part of utilizing online and digital services in the 21st century. As the World Wide Web is still a largely unregulated space, irrespective of the comprehensive data protection laws that have been passed across the world, security breaches will continue to occur due to the difficulty in catching the bad actors that launch such attacks. For this reason, businesses and organizations in every industry across the globe will have to develop new methods to fight the threat of data breaches, as the adverse consequences of such an incident can be hard to recover from.