The average cost of a data breach reached an all-time high of $4.35 million this year, according to newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020.

New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data breach and just 17% said this was their first data breach. And at a time when inflation is growing, breached businesses have passed higher costs to customers, with 60% of organizations in the study reporting that they increased the price of goods and services in response to losses from the breach.

These are among the dozens of findings from the study of 550 organizations across a variety of industries and geographies that experienced a data breach between March 2021 and March 2022. Now in its 17th year, with research independently conducted by Ponemon Institute, and featuring analysis by IBM Security, the Cost of a Data Breach Report is among the leading benchmark reports in the security industry. It offers IT, security and business leaders a lens into risk factors that can increase the costs associated with a data breach, and which security practices and technologies can help mitigate security risk and financial damages.

Top findings in the 2022 report

The use of security AI and automation has jumped by nearly one-fifth since 2020, and cost savings from security AI and automation were the highest of any factor studied.

The percentage of organizations with security AI and automation deployed grew from 59% in 2020 to 70% in 2022, an 18.6% growth rate. Those organizations that reported their security AI and automation technologies are “fully deployed” — 31% of organizations — experienced breach costs that were $3.05 million less than at organizations with no security AI and automation. Data breaches at organizations with no security AI and automation deployed cost an average $6.2 million, compared to an average $3.15 million at organizations where security AI and automation was fully deployed.

The ROI from security AI and automation is apparent from another metric, that of time. Security AI and automation not only reduced costs, but they also significantly lowered the time to identify and contain a data breach (i.e., the breach lifecycle). With those technologies fully deployed, the average lifecycle of a data breach was 74 days shorter than the average for no security AI and automation.

IBM provides SOAR solutions to help businesses accelerate incident response with automation, process standardization and integration with businesses’ existing security tools. These capabilities enable a more dynamic response, providing security teams with intelligence to adapt and guidance to resolve incidents with agility and speed.

Healthcare breach costs surged to $10.1 million, the highest average cost of any industry for 12th year in a row.

While healthcare costs in the U.S. have seen increases between 6% and 7% since 2020, according to PwC, data breach costs in the industry have far outpaced overall healthcare inflation in the same time period. Healthcare industry breach costs surged 42%, growing from $7.13 million in 2020 to $10.10 million in 2022. Healthcare has been the highest cost industry for 12 years in a row.

More organizations deploy zero trust in 2022 than they did in 2021, with cost savings of about $1 million.

This was the second year that the report looked at the impact of a zero trust security framework on the average cost of a data breach. The share of organizations deploying a zero trust architecture grew from 35% in 2021 to 41% in 2022. The other 59% percent of organizations studied in the 2022 report who do not deploy zero trust incurred an average of $1 million in greater breach costs compared to those that do deploy zero trust. However, the cost savings were even greater for those with a mature zero trust deployment — about $1.5 million lower compared to organizations at the initial stages of a zero trust program.

Ransomware and destructive attacks were more expensive than the average breach in 2022, while the share of breaches involving ransomware grew by 41%.

Last year was the first year that the report looked at the cost of ransomware and destructive attacks. The average cost of a ransomware attack — not including the cost of the ransom — went down slightly in 2022, from $4.62 million to $4.54 million, while destructive attacks increased in cost from $4.69 million to $5.12 million, compared to the global average of $4.35 million. The share of breaches caused by ransomware grew from 7.8% in 2021 to 11% in 2022, a growth rate of 41%.

The impact of incident response teams and regularly tested incident response plans on cost was $2.66 million in average savings.

Forming an incident response (IR) team and extensive testing of the IR plan were two of the most effective ways to mitigate the cost of a data breach. However, of studied businesses that have IR plans (73%), 37% don’t test their plan regularly. It’s essential that businesses routinely test their IR plans through tabletop exercises or run a breach scenario in a simulated environment, such as a cyber range.

Read the Report

What’s new in the 2022 report

The 2022 study broke new ground in research with some fresh findings showing how the cost of a breach was affected by factors including supply chain compromises, critical infrastructure, and the skills gap. The study also explored how security technologies, including extended detection and response (XDR) and cloud security, impacted breach costs. Below are some of these findings.

$4.82 million was the average cost of a critical infrastructure data breach.

The average cost of a data breach for critical infrastructure organizations studied was $4.82 million — $1 million more than the average cost for organizations in other industries. Critical infrastructure organizations included those in the financial services, industrial, technology, energy, transportation, communication, healthcare, education, and public sector industries. Twenty-eight percent of critical infrastructure organizations experienced a destructive or ransomware attack, while 17% experienced a breach because of a business partner being compromised.

45% of breaches occurred in the cloud, but breaches cost less in hybrid cloud environments.

Forty-five percent of breaches in the study occurred in the cloud. Breaches that happened in a hybrid cloud environment cost an average of $3.80 million, compared to $4.24 million for breaches in private clouds and $5.02 million for breaches in public clouds. Organizations with a hybrid cloud model also had shorter breach lifecycles than organizations that solely adopt a public or private cloud model. It took 48 fewer days for hybrid cloud adopters to identify and contain a breach, compared to public cloud adopters.

XDR technologies helped reduce breach lifecycles by almost a month.

Those 44% of organizations with XDR technologies saw considerable advantages in response times. Organizations with XDR deployed had a data breach lifecycle that was on average 29 days shorter compared to organizations that didn’t implement XDR.

XDR capabilities can help significantly reduce average data breach costs and breach lifecycles. For example, IBM Security QRadar XDR enabled businesses to detect and eliminate threats faster by leveraging its single unified workflow across tools.

The skills gap cost organizations more than half a million dollars in data breach costs.

Just 38% of organizations in the study said their security team was sufficiently staffed. This skills gap was associated with data breach costs that were $550,000 higher for understaffed organizations than for those with sufficiently staffed security teams.

Nearly one-fifth of breaches were caused by a supply chain compromise, which cost more and took nearly a month longer to contain.

A number of major attacks in recent years have reached organizations through the supply chain, such as organizations being breached due to the compromise of a business partner or supplier. In 2022, 19% of breaches were supply chain attacks, at an average cost of $4.46 million, slightly higher than the global average. Supply chain compromises had an average lifecycle that was 26 days longer than the global average lifecycle.

More to explore

The Cost of a Data Breach Report contains a wealth of information that can help organizations understand potential financial risks and benchmark costs based on a variety of factors. Plus, the report includes recommendations for security best practices based on IBM Security’s analysis of the research.

There’s more to explore in the full report, including:

  • Global findings — the average cost of a data breach in 17 different geographies and 17 industries, including the top country (United States — $9.44 million).
  • Impact of incident response teams and regularly tested incident response plans on cost ($2.66 million in average savings).
  • Frequency and average cost of the most common attack vectors causing the breaches, including stolen credentials (19%, $4.5 million), phishing (16%, $4.91 million) and cloud misconfiguration (15%, $4.14 million).
  • Effects of security measures and technologies, including risk quantification techniques, identity and access management, multi-factor authentication and crisis management teams.
  • Impacts of security vulnerabilities, including security system complexity, attacks in the midst of cloud migration, remote work and compliance failures.
  • Cost of mega breaches of over 1 million records, including the largest breaches of up to 60 million records that cost nearly $400 million.

Register to download a PDF of the complete report.

Register for a webinar with IBM Security experts discussing key findings and best practices.

More from Data Protection

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today