October 13, 2022 By Jonathan Reed 4 min read

Geopolitical conflict, inflation, job market pressure, rising debt — we’ve been hearing about economic headwinds for a while now. Could data breaches have anything to do with this?

According to a recent IBM report, the average cost of a data breach has reached an all-time high. Like any other business liability, these costs must be absorbed somehow. Given the rising risk and costs, cyberattacks have undoubtedly evolved into market stressors. The magnitude of the problem might surprise you.

Despite the undeniable challenges, there are effective methods to minimize the impact of a data breach. Let’s find out how.

Staggering numbers

We can look at the numbers to measure the impact of data breaches on economic instability. According to the IBM Cost of a Data Breach 2022 Report, the data breach average cost increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022. This is also a 12.7% increase in cost from $3.86 million in the 2020 report.

Meanwhile, the UNCDF states that “the economic cost of information and technology asset security breaches in 2020 was a staggering USD 4-6 trillion, equivalent to about 4-6% of global GDP.” This translates into a $4.5 trillion impact in 2020. If the percentages stay roughly the same, the total cost will be approximately $5.2 trillion in 2022.

War makes markets unstable

When the war in Ukraine began, it sent shockwaves throughout global markets. The ripple effect continues to this day. The cyber war front has also heated up, resulting in a hybrid war effect.

The CyberPeace Institute states that:

“Cyberattacks on infrastructure such as energy, water, healthcare, financial institutions, transport and communication services can have devastating consequences on the civilian population…. Beyond the risks to critical infrastructure and civilian objects, cyberattacks sow distrust, limit access to accurate information or spread false information. They can also be highly disruptive and create a sense of fear and uncertainty and even lead to the eventual displacement of people.”

Direct consequences of incidents include a sense of fear and uncertainty. This leads to disruption at all levels of society, including the business and financial markets.

Absorbing the cost of a breach

The cost of breaches has clearly impacted the macroeconomy. Meanwhile, every organization sits down at least once a year to calculate its budget. Today, strong security has become mission-critical. Business leaders face tough choices as the cost of data breaches continues to rise. If the cost of business increases due to security concerns, then goods and service prices will also rise.

When costs go up, companies may also respond by reducing their employee headcount. It’s difficult to measure how much security issues affect employment figures. But if trillions of dollars are being lost due to attacks, people might also lose their jobs due to breaches.

Explore the Report 

Business uncertainty

Let’s say you own or run a company. How do you assess the risk? What steps do you take, given the large potential downside involved? Can you afford to spend $4.35 million on a data breach? What if you have more than one incident? In the IBM study, 83% of organizations reported having had more than one data breach.

This uneasiness forces decision makers to choose. Do you invest in stronger security? Do you increase prices just in case? Either way, the economic impact is real. In fact, the IBM report revealed that 60% of organizations’ breaches led to increases in prices passed on to customers.

Do the right thing

Despite the danger and unpredictability, companies should treat the risk of a breach like any other business risk. Risk comes with a cost and with ways to mitigate any potential damage. Directors and officers are obliged to creditors, shareholders and customers to preserve and protect business and IT assets.

Every organization, from corporations to police stations to schools to health care, is at risk. The new reality is that cybersecurity should be part of your core organizational strategy. It cannot be a second-tier priority any longer. Relying on audits, weak security add-ons and a memo now and then won’t protect your organization.

Increasingly, governments are calling for more responsible security in the public and private sectors. Security controls include management, operational and technical measures to protect the confidentiality, availability and integrity of information and technology assets.

Be prepared

The most effective attacks continue to trick people into giving up some kind of access. From there, actors sneak into systems to find or install backdoors. Attack kits and ransomware are even being sold for as-a-service.

Still, some methods can turn the tide in your favor. For instance, the IBM report revealed that breaches at organizations with fully deployed security AI and automation cost $3.05 million less than breaches at organizations with no security AI and automation deployed. This 65.2% difference in average breach cost represented the largest cost savings in the study.

Companies with fully deployed security AI and automation also experienced, on average, a 74-day shorter time to identify and contain the breach compared to those without security AI and automation.

Other factors mentioned in the report that positively impact incident response include:

  • Incident response (IR) team and regularly tested IR plan: Businesses with an IR team that tested their IR plan saw an average of $2.66 million lower breach costs.
  • Extended detection and response (XDR) technologies: Those organizations with XDR deployed shortened the breach lifecycle by 29 days on average.
  • Risk quantification: By looking at impacts, including financial impacts, availability of data and data integrity, companies can save $2.1 million on average.

Room for optimism

The threat landscape continues to increase in complexity, and the stakes are high. Security has a significant impact on the global economy. But there is hope. Effective security methods are available; it’s up to organizations to take the proper steps to minimize the damage and the costs.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today