The average cost of a data breach reached an all-time high of $4.35 million this year, according to newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020.

New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data breach and just 17% said this was their first data breach. And at a time when inflation is growing, breached businesses have passed higher costs to customers, with 60% of organizations in the study reporting that they increased the price of goods and services in response to losses from the breach.

These are among the dozens of findings from the study of 550 organizations across a variety of industries and geographies that experienced a data breach between March 2021 and March 2022. Now in its 17th year, with research independently conducted by Ponemon Institute, and featuring analysis by IBM Security, the Cost of a Data Breach Report is among the leading benchmark reports in the security industry. It offers IT, security and business leaders a lens into risk factors that can increase the costs associated with a data breach, and which security practices and technologies can help mitigate security risk and financial damages.

Top findings in the 2022 report

The use of security AI and automation has jumped by nearly one-fifth since 2020, and cost savings from security AI and automation were the highest of any factor studied.

The percentage of organizations with security AI and automation deployed grew from 59% in 2020 to 70% in 2022, an 18.6% growth rate. Those organizations that reported their security AI and automation technologies are “fully deployed” — 31% of organizations — experienced breach costs that were $3.05 million less than at organizations with no security AI and automation. Data breaches at organizations with no security AI and automation deployed cost an average $6.2 million, compared to an average $3.15 million at organizations where security AI and automation was fully deployed.

The ROI from security AI and automation is apparent from another metric, that of time. Security AI and automation not only reduced costs, but they also significantly lowered the time to identify and contain a data breach (i.e., the breach lifecycle). With those technologies fully deployed, the average lifecycle of a data breach was 74 days shorter than the average for no security AI and automation.

IBM provides SOAR solutions to help businesses accelerate incident response with automation, process standardization and integration with businesses’ existing security tools. These capabilities enable a more dynamic response, providing security teams with intelligence to adapt and guidance to resolve incidents with agility and speed.

Healthcare breach costs surged to $10.1 million, the highest average cost of any industry for 12th year in a row.

While healthcare costs in the U.S. have seen increases between 6% and 7% since 2020, according to PwC, data breach costs in the industry have far outpaced overall healthcare inflation in the same time period. Healthcare industry breach costs surged 42%, growing from $7.13 million in 2020 to $10.10 million in 2022. Healthcare has been the highest cost industry for 12 years in a row.

More organizations deploy zero trust in 2022 than they did in 2021, with cost savings of about $1 million.

This was the second year that the report looked at the impact of a zero trust security framework on the average cost of a data breach. The share of organizations deploying a zero trust architecture grew from 35% in 2021 to 41% in 2022. The other 59% percent of organizations studied in the 2022 report who do not deploy zero trust incurred an average of $1 million in greater breach costs compared to those that do deploy zero trust. However, the cost savings were even greater for those with a mature zero trust deployment — about $1.5 million lower compared to organizations at the initial stages of a zero trust program.

Ransomware and destructive attacks were more expensive than the average breach in 2022, while the share of breaches involving ransomware grew by 41%.

Last year was the first year that the report looked at the cost of ransomware and destructive attacks. The average cost of a ransomware attack — not including the cost of the ransom — went down slightly in 2022, from $4.62 million to $4.54 million, while destructive attacks increased in cost from $4.69 million to $5.12 million, compared to the global average of $4.35 million. The share of breaches caused by ransomware grew from 7.8% in 2021 to 11% in 2022, a growth rate of 41%.

The impact of incident response teams and regularly tested incident response plans on cost was $2.66 million in average savings.

Forming an incident response (IR) team and extensive testing of the IR plan were two of the most effective ways to mitigate the cost of a data breach. However, of studied businesses that have IR plans (73%), 37% don’t test their plan regularly. It’s essential that businesses routinely test their IR plans through tabletop exercises or run a breach scenario in a simulated environment, such as a cyber range.

Read the Report

What’s new in the 2022 report

The 2022 study broke new ground in research with some fresh findings showing how the cost of a breach was affected by factors including supply chain compromises, critical infrastructure, and the skills gap. The study also explored how security technologies, including extended detection and response (XDR) and cloud security, impacted breach costs. Below are some of these findings.

$4.82 million was the average cost of a critical infrastructure data breach.

The average cost of a data breach for critical infrastructure organizations studied was $4.82 million — $1 million more than the average cost for organizations in other industries. Critical infrastructure organizations included those in the financial services, industrial, technology, energy, transportation, communication, healthcare, education, and public sector industries. Twenty-eight percent of critical infrastructure organizations experienced a destructive or ransomware attack, while 17% experienced a breach because of a business partner being compromised.

45% of breaches occurred in the cloud, but breaches cost less in hybrid cloud environments.

Forty-five percent of breaches in the study occurred in the cloud. Breaches that happened in a hybrid cloud environment cost an average of $3.80 million, compared to $4.24 million for breaches in private clouds and $5.02 million for breaches in public clouds. Organizations with a hybrid cloud model also had shorter breach lifecycles than organizations that solely adopt a public or private cloud model. It took 48 fewer days for hybrid cloud adopters to identify and contain a breach, compared to public cloud adopters.

XDR technologies helped reduce breach lifecycles by almost a month.

Those 44% of organizations with XDR technologies saw considerable advantages in response times. Organizations with XDR deployed had a data breach lifecycle that was on average 29 days shorter compared to organizations that didn’t implement XDR.

XDR capabilities can help significantly reduce average data breach costs and breach lifecycles. For example, IBM Security QRadar XDR enabled businesses to detect and eliminate threats faster by leveraging its single unified workflow across tools.

The skills gap cost organizations more than half a million dollars in data breach costs.

Just 38% of organizations in the study said their security team was sufficiently staffed. This skills gap was associated with data breach costs that were $550,000 higher for understaffed organizations than for those with sufficiently staffed security teams.

Nearly one-fifth of breaches were caused by a supply chain compromise, which cost more and took nearly a month longer to contain.

A number of major attacks in recent years have reached organizations through the supply chain, such as organizations being breached due to the compromise of a business partner or supplier. In 2022, 19% of breaches were supply chain attacks, at an average cost of $4.46 million, slightly higher than the global average. Supply chain compromises had an average lifecycle that was 26 days longer than the global average lifecycle.

More to explore

The Cost of a Data Breach Report contains a wealth of information that can help organizations understand potential financial risks and benchmark costs based on a variety of factors. Plus, the report includes recommendations for security best practices based on IBM Security’s analysis of the research.

There’s more to explore in the full report, including:

  • Global findings — the average cost of a data breach in 17 different geographies and 17 industries, including the top country (United States — $9.44 million).
  • Impact of incident response teams and regularly tested incident response plans on cost ($2.66 million in average savings).
  • Frequency and average cost of the most common attack vectors causing the breaches, including stolen credentials (19%, $4.5 million), phishing (16%, $4.91 million) and cloud misconfiguration (15%, $4.14 million).
  • Effects of security measures and technologies, including risk quantification techniques, identity and access management, multi-factor authentication and crisis management teams.
  • Impacts of security vulnerabilities, including security system complexity, attacks in the midst of cloud migration, remote work and compliance failures.
  • Cost of mega breaches of over 1 million records, including the largest breaches of up to 60 million records that cost nearly $400 million.

Register to download a PDF of the complete report.

Register for a webinar with IBM Security experts discussing key findings and best practices.

More from Data Protection

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today