In recent years, the mindset for cybersecurity has shifted. It isn’t a matter of if a company has a breach, but rather when a company has a breach. With the increase in cybersecurity incidents, most if not all companies will be victims of a data breach at some point. However, the latest research shows that organizations using zero trust can save more than $1 million during a breach. 

Record High Costs for Data Breaches

According to the 2022 IBM Cost of a Data Breach Report, more than 80% of organizations studied had more than one data breach. The report found that the cost of data breaches now averages an all-time high of $4.35 million in 2022, which is up 12.7% over the past two years. However, the cost of an average data breach in the U.S. is much higher, at $9.44 million, the highest of any country. Plus, the cost of an average data breach increases from $4.02 million to $4.99 million when remote working was a factor in the breach.

The costs of data breaches are not equal across industries. While health care has been the highest-cost industry for breaches for the past 12 years, the cost reached a recorded high of $10.10 million in 2022. Most concerning is the fact that the cost of a health care breach has increased 41.6% since the 2020 report. The financial sector came in a distant second, with a $5.97 million average, and pharma, technology and energy rounded out the top five.

Organizations now must shift their approach to risk reduction rather than breach prevention. In addition to reducing the occurrence, they need to proactively work to limit the damage from a breach. After all, organizations suffer many repercussions from each data breach, many of which are often overlooked. For 60% of surveyed groups, breaches led to increases in prices for customers. Costs such as reputation damage and customer loss are hard to quantify. However, they are also serious and real effects of a breach.

Explore the Report

Zero Trust Reduces Cost of a Breach

In the past, organizations focused on protecting the perimeter and endpoints. However, the infrastructure of an organization is no longer contained within the physical building. Employees access the network from many locations and devices. This increases the risk of a breach for organizations holding on to the traditional mindset. It is simply impossible to protect a perimeter in today’s world.

Organizations that turn to zero trust realize 20.5% lower costs for a data breach than those not using zero trust. With zero trust, all devices, users and apps are assumed to be unauthorized until proven otherwise. Instead of a single technology, zero trust is a framework that uses multiple strategies, such as multifactor authentication and micro-segmentation. The overall approach focuses on making sure that employees have only the specific access they need to do their job. With micro-segmentation (splitting the network into tiny segments) breaches are contained to a much smaller area, which can limit the cost.

Organizations with zero trust deployed saved nearly $1 million in average breach costs compared to those without it. In addition, the cost of a breach at an organization with a mature zero trust model was $1.51 million less than at organizations early in their zero trust journey.

The Way of the Future

The number of organizations using zero trust has increased in recent years. However, a large number are still at high risk for a costly breach due to a lack of zero trust. Only 41% of those surveyed reported using zero trust. That is an increase from 2021 when 35% had partially or fully deployed a zero trust architecture.

The study found that a higher percentage than average (79%) of critical infrastructure organizations, such as financial services, industrial, technology, energy, transportation, communication, health care, education and the public sector, do not use zero trust. However, the costs for a breach for these are $1 million higher than the global average, making it even more critical that these industries consider zero trust.

Moving Forward With Zero Trust

The pandemic changed many things about how work gets done. In turn, that has had a big impact on cybersecurity. Organizations that do not adjust their approaches are going to see a major impact from data breaches. This is even more true for those in the critical infrastructure industry. Instead, you can move to a zero trust approach now. That way, you can reduce future costs and have more budget to focus on growing your business. 


More from Zero Trust

Zero trust data security: It’s time to make the shift

4 min read - How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable to breaches as their attack surfaces continue to grow and become more difficult — if not impossible — to define. Add geopolitical and economic instability…

How zero trust changed the course of cybersecurity

4 min read - For decades, the IT industry relied on perimeter security to safeguard critical digital assets. Firewalls and other network-based tools monitored and validated network access. However, the shift towards digital transformation and hybrid cloud infrastructure has made these traditional security methods inadequate. Clearly, the perimeter no longer exists. Then the pandemic turned the gradual digital transition into a sudden scramble. This left many companies struggling to secure vast networks of remote employees accessing systems. Also, we’ve seen an explosion of apps,…

SOAR, SIEM, SASE and zero trust: How they all fit together

4 min read - Cybersecurity in today’s climate is not a linear process. Organizations can’t simply implement a single tool or strategy to be protected from all threats and challenges. Instead, they must implement the right strategies and technologies for the organization’s specific needs and level of accepted risks. However, once the dive into today’s best practices and strategies begins, it’s easy to quickly become overwhelmed with SOAR, SIEM, SASE and Zero Trust —  especially since they almost all start with the letter S.…

Contain breaches and gain visibility with microsegmentation

4 min read - Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…