September 21, 2022 | By Jennifer Gregory

In recent years, the mindset for cybersecurity has shifted. It isn’t a matter of if a company has a breach, but rather when a company has a breach. With the increase in cybersecurity incidents, most if not all companies will be victims of a data breach at some point. However, the latest research shows that organizations using zero trust can save more than $1 million during a breach.

Record high costs for data breaches

According to the 2022 IBM Cost of a Data Breach Report, more than 80% of organizations studied had more than one data breach. The report found that the average cost of a data breach reached an all-time high of $4.35 million in 2022, up 12.7% over the past two years. The average cost in the U.S. is much higher, at $9.44 million, the highest of any country. In addition, the average cost of a data breach increases from $4.02 million to $4.99 million when remote working is a factor in the breach.

The costs of data breaches are not equal across industries. Health care has been the highest-cost industry for breaches for the past 12 years, and its cost reached a record high of $10.10 million in 2022. Most concerning is the fact that the cost of a health care breach has increased 41.6% since the 2020 report. The financial sector came in a distant second, with a $5.97 million average, and pharma, technology and energy rounded out the top five.

Organizations now must shift their approach to risk reduction rather than breach prevention. In addition to reducing the occurrence, they need to proactively work to limit the damage from a breach. After all, organizations suffer many repercussions from each data breach, many of which are often overlooked. For 60% of surveyed groups, breaches led to increases in prices for customers. Costs such as reputation damage and customer loss are hard to quantify. However, they are also serious and real effects of a breach.


Zero trust reduces cost of a breach

In the past, organizations focused on protecting the perimeter and endpoints. However, the infrastructure of an organization is no longer contained within the physical building. Employees access the network from many locations and devices. This increases the risk of a breach for organizations holding on to the traditional mindset. It is simply impossible to protect a perimeter in today’s world.

Organizations that turn to zero trust realize 20.5% lower costs for a data breach than those not using zero trust. With zero trust, all devices, users and apps are assumed to be unauthorized until proven otherwise. Instead of a single technology, zero trust is a framework that uses multiple strategies, such as multifactor authentication and micro-segmentation. The overall approach focuses on making sure that employees have only the specific access they need to do their job. With micro-segmentation (splitting the network into tiny segments), breaches are contained to a much smaller area, which can limit the cost.

Organizations with zero trust deployed saved nearly $1 million in average breach costs compared to those without it. In addition, the cost of a breach at an organization with a mature zero trust model was $1.51 million less than at organizations early in their zero trust journey.

The way of the future

The number of organizations using zero trust has increased in recent years. However, a large number are still at high risk for a costly breach due to a lack of zero trust. Only 41% of those surveyed reported using zero trust. That is an increase from 2021 when 35% had partially or fully deployed a zero trust architecture.

The study found that 79% of critical infrastructure organizations, such as financial services, industrial, technology, energy, transportation, communication, health care, education and the public sector, do not use zero trust, a higher percentage than average. However, breach costs for these organizations are $1 million higher than the global average, making it even more critical that these industries consider zero trust.

Moving forward with zero trust

The pandemic changed many things about how work gets done. In turn, that has had a big impact on cybersecurity. Organizations that do not adjust their approaches are going to see a major impact from data breaches. This is even more true for those in the critical infrastructure industry. Instead, you can move to a zero trust approach now. That way, you can reduce future costs and have more budget to focus on growing your business.

