In recent years, the mindset for cybersecurity has shifted. It isn’t a matter of if a company has a breach, but rather when a company has a breach. With the increase in cybersecurity incidents, most if not all companies will be victims of a data breach at some point. However, the latest research shows that organizations using zero trust can save more than $1 million during a breach. 

Record High Costs for Data Breaches

According to the 2022 IBM Cost of a Data Breach Report, more than 80% of organizations studied had more than one data breach. The report found that the cost of data breaches now averages an all-time high of $4.35 million in 2022, which is up 12.7% over the past two years. However, the cost of an average data breach in the U.S. is much higher, at $9.44 million, the highest of any country. Plus, the cost of an average data breach increases from $4.02 million to $4.99 million when remote working was a factor in the breach.

The costs of data breaches are not equal across industries. While health care has been the highest-cost industry for breaches for the past 12 years, the cost reached a recorded high of $10.10 million in 2022. Most concerning is the fact that the cost of a health care breach has increased 41.6% since the 2020 report. The financial sector came in a distant second, with a $5.97 million average, and pharma, technology and energy rounded out the top five.

Organizations now must shift their approach to risk reduction rather than breach prevention. In addition to reducing the occurrence, they need to proactively work to limit the damage from a breach. After all, organizations suffer many repercussions from each data breach, many of which are often overlooked. For 60% of surveyed groups, breaches led to increases in prices for customers. Costs such as reputation damage and customer loss are hard to quantify. However, they are also serious and real effects of a breach.

Explore the Report

Zero Trust Reduces Cost of a Breach

In the past, organizations focused on protecting the perimeter and endpoints. However, the infrastructure of an organization is no longer contained within the physical building. Employees access the network from many locations and devices. This increases the risk of a breach for organizations holding on to the traditional mindset. It is simply impossible to protect a perimeter in today’s world.

Organizations that turn to zero trust realize 20.5% lower costs for a data breach than those not using zero trust. With zero trust, all devices, users and apps are assumed to be unauthorized until proven otherwise. Instead of a single technology, zero trust is a framework that uses multiple strategies, such as multifactor authentication and micro-segmentation. The overall approach focuses on making sure that employees have only the specific access they need to do their job. With micro-segmentation (splitting the network into tiny segments) breaches are contained to a much smaller area, which can limit the cost.

Organizations with zero trust deployed saved nearly $1 million in average breach costs compared to those without it. In addition, the cost of a breach at an organization with a mature zero trust model was $1.51 million less than at organizations early in their zero trust journey.

The Way of the Future

The number of organizations using zero trust has increased in recent years. However, a large number are still at high risk for a costly breach due to a lack of zero trust. Only 41% of those surveyed reported using zero trust. That is an increase from 2021 when 35% had partially or fully deployed a zero trust architecture.

The study found that a higher percentage than average (79%) of critical infrastructure organizations, such as financial services, industrial, technology, energy, transportation, communication, health care, education and the public sector, do not use zero trust. However, the costs for a breach for these are $1 million higher than the global average, making it even more critical that these industries consider zero trust.

Moving Forward With Zero Trust

The pandemic changed many things about how work gets done. In turn, that has had a big impact on cybersecurity. Organizations that do not adjust their approaches are going to see a major impact from data breaches. This is even more true for those in the critical infrastructure industry. Instead, you can move to a zero trust approach now. That way, you can reduce future costs and have more budget to focus on growing your business. 


More from Zero Trust

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

Why Zero Trust Works When Everything Else Doesn’t

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived. Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a "default deny" security posture. All people and devices must prove explicit permission to use each network resource each time they use that resource. Using microsegmentation and least privileged access principles, zero trust not only prevents breaches but also stymies lateral movement should a breach…

What to Know About the Pentagon’s New Push for Zero Trust

The Pentagon is taking cybersecurity to the next level — and they’re helping organizations of all kinds do the same. Here’s how the U.S. Department of Defense is implementing zero trust and why this matters to all businesses and organizations. But first, let’s review this zero trust business. What is Zero Trust? Zero trust is the most important cybersecurity idea in a generation. But “zero trust” is itself a bit of a misnomer. It’s not about whether a person or…

Effectively Enforce a Least Privilege Strategy

Every security officer wants to minimize their attack surface. One of the best ways to do this is by implementing a least privilege strategy. One report revealed that data breaches from insiders could cost as much as 20% of annual revenue. Also, at least one in three reported data breaches involve an insider. Over 78% of insider data breaches involve unintentional data loss or exposure. Least privilege protocols can help prevent these kinds of blunders. Clearly, proper management of access…