September 21, 2022 By Jennifer Gregory 3 min read

In recent years, the mindset for cybersecurity has shifted. It isn’t a matter of if a company has a breach, but rather when a company has a breach. With the increase in cybersecurity incidents, most if not all companies will be victims of a data breach at some point. However, the latest research shows that organizations using zero trust can save more than $1 million during a breach.

Record high costs for data breaches

According to the 2022 IBM Cost of a Data Breach Report, more than 80% of organizations studied had more than one data breach. The report found that the cost of data breaches now averages an all-time high of $4.35 million in 2022, which is up 12.7% over the past two years. However, the cost of an average data breach in the U.S. is much higher, at $9.44 million, the highest of any country. Plus, the cost of an average data breach increases from $4.02 million to $4.99 million when remote working was a factor in the breach.

The costs of data breaches are not equal across industries. While health care has been the highest-cost industry for breaches for the past 12 years, the cost reached a recorded high of $10.10 million in 2022. Most concerning is the fact that the cost of a health care breach has increased 41.6% since the 2020 report. The financial sector came in a distant second, with a $5.97 million average, and pharma, technology and energy rounded out the top five.

Organizations now must shift their approach to risk reduction rather than breach prevention. In addition to reducing the occurrence, they need to proactively work to limit the damage from a breach. After all, organizations suffer many repercussions from each data breach, many of which are often overlooked. For 60% of surveyed groups, breaches led to increases in prices for customers. Costs such as reputation damage and customer loss are hard to quantify. However, they are also serious and real effects of a breach.

Explore the Report

Zero trust reduces cost of a breach

In the past, organizations focused on protecting the perimeter and endpoints. However, the infrastructure of an organization is no longer contained within the physical building. Employees access the network from many locations and devices. This increases the risk of a breach for organizations holding on to the traditional mindset. It is simply impossible to protect a perimeter in today’s world.

Organizations that turn to zero trust realize 20.5% lower costs for a data breach than those not using zero trust. With zero trust, all devices, users and apps are assumed to be unauthorized until proven otherwise. Instead of a single technology, zero trust is a framework that uses multiple strategies, such as multifactor authentication and micro-segmentation. The overall approach focuses on making sure that employees have only the specific access they need to do their job. With micro-segmentation (splitting the network into tiny segments) breaches are contained to a much smaller area, which can limit the cost.

Organizations with zero trust deployed saved nearly $1 million in average breach costs compared to those without it. In addition, the cost of a breach at an organization with a mature zero trust model was $1.51 million less than at organizations early in their zero trust journey.

The way of the future

The number of organizations using zero trust has increased in recent years. However, a large number are still at high risk for a costly breach due to a lack of zero trust. Only 41% of those surveyed reported using zero trust. That is an increase from 2021 when 35% had partially or fully deployed a zero trust architecture.

The study found that a higher percentage than average (79%) of critical infrastructure organizations, such as financial services, industrial, technology, energy, transportation, communication, health care, education and the public sector, do not use zero trust. However, the costs for a breach for these are $1 million higher than the global average, making it even more critical that these industries consider zero trust.

Moving forward with zero trust

The pandemic changed many things about how work gets done. In turn, that has had a big impact on cybersecurity. Organizations that do not adjust their approaches are going to see a major impact from data breaches. This is even more true for those in the critical infrastructure industry. Instead, you can move to a zero trust approach now. That way, you can reduce future costs and have more budget to focus on growing your business.

More from Zero Trust

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

Zero trust data security: It’s time to make the shift

4 min read - How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable to breaches as their attack surfaces continue to grow and become more difficult — if not impossible — to define. Add geopolitical and economic instability…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today