The average cost of a data breach reached an all-time high of $4.35 million this year, according to newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020.

New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data breach and just 17% said this was their first data breach. And at a time when inflation is growing, breached businesses have passed higher costs to customers, with 60% of organizations in the study reporting that they increased the price of goods and services in response to losses from the breach.

These are among the dozens of findings from the study of 550 organizations across a variety of industries and geographies that experienced a data breach between March 2021 and March 2022. Now in its 17th year, with research independently conducted by Ponemon Institute, and featuring analysis by IBM Security, the Cost of a Data Breach Report is among the leading benchmark reports in the security industry. It offers IT, security and business leaders a lens into risk factors that can increase the costs associated with a data breach, and which security practices and technologies can help mitigate security risk and financial damages.

Top Findings in the 2022 Report

The use of security AI and automation has jumped by nearly one-fifth since 2020, and cost savings from security AI and automation were the highest of any factor studied.

The percentage of organizations with security AI and automation deployed grew from 59% in 2020 to 70% in 2022, an 18.6% growth rate. Those organizations that reported their security AI and automation technologies are “fully deployed” — 31% of organizations — experienced breach costs that were $3.05 million less than at organizations with no security AI and automation. Data breaches at organizations with no security AI and automation deployed cost an average $6.2 million, compared to an average $3.15 million at organizations where security AI and automation was fully deployed.

The ROI from security AI and automation is apparent from another metric, that of time. Security AI and automation not only reduced costs, but they also significantly lowered the time to identify and contain a data breach (i.e., the breach lifecycle). With those technologies fully deployed, the average lifecycle of a data breach was 74 days shorter than the average for no security AI and automation.

IBM provides SOAR solutions to help businesses accelerate incident response with automation, process standardization and integration with businesses’ existing security tools. These capabilities enable a more dynamic response, providing security teams with intelligence to adapt and guidance to resolve incidents with agility and speed.

Healthcare breach costs surged to $10.1 million, the highest average cost of any industry for 12th year in a row.

While healthcare costs in the U.S. have seen increases between 6% and 7% since 2020, according to PwC, data breach costs in the industry have far outpaced overall healthcare inflation in the same time period. Healthcare industry breach costs surged 42%, growing from $7.13 million in 2020 to $10.10 million in 2022. Healthcare has been the highest cost industry for 12 years in a row.

More organizations deploy zero trust in 2022 than they did in 2021, with cost savings of about $1 million.

This was the second year that the report looked at the impact of a zero trust security framework on the average cost of a data breach. The share of organizations deploying a zero trust architecture grew from 35% in 2021 to 41% in 2022. The other 59% percent of organizations studied in the 2022 report who do not deploy zero trust incurred an average of $1 million in greater breach costs compared to those that do deploy zero trust. However, the cost savings were even greater for those with a mature zero trust deployment — about $1.5 million lower compared to organizations at the initial stages of a zero trust program.

Ransomware and destructive attacks were more expensive than the average breach in 2022, while the share of breaches involving ransomware grew by 41%.

Last year was the first year that the report looked at the cost of ransomware and destructive attacks. The average cost of a ransomware attack — not including the cost of the ransom — went down slightly in 2022, from $4.62 million to $4.54 million, while destructive attacks increased in cost from $4.69 million to $5.12 million, compared to the global average of $4.35 million. The share of breaches caused by ransomware grew from 7.8% in 2021 to 11% in 2022, a growth rate of 41%.

The impact of incident response teams and regularly tested incident response plans on cost was $2.66 million in average savings.

Forming an incident response (IR) team and extensive testing of the IR plan were two of the most effective ways to mitigate the cost of a data breach. However, of studied businesses that have IR plans (73%), 37% don’t test their plan regularly. It’s essential that businesses routinely test their IR plans through tabletop exercises or run a breach scenario in a simulated environment, such as a cyber range.

Explore the Report

What’s New in the 2022 Report

The 2022 study broke new ground in research with some fresh findings showing how the cost of a breach was affected by factors including supply chain compromises, critical infrastructure, and the skills gap. The study also explored how security technologies, including extended detection and response (XDR) and cloud security, impacted breach costs. Below are some of these findings.

$4.82 million was the average cost of a critical infrastructure data breach.

The average cost of a data breach for critical infrastructure organizations studied was $4.82 million — $1 million more than the average cost for organizations in other industries. Critical infrastructure organizations included those in the financial services, industrial, technology, energy, transportation, communication, healthcare, education, and public sector industries. Twenty-eight percent of critical infrastructure organizations experienced a destructive or ransomware attack, while 17% experienced a breach because of a business partner being compromised.

45% of breaches occurred in the cloud, but breaches cost less in hybrid cloud environments.

Forty-five percent of breaches in the study occurred in the cloud. Breaches that happened in a hybrid cloud environment cost an average of $3.80 million, compared to $4.24 million for breaches in private clouds and $5.02 million for breaches in public clouds. Organizations with a hybrid cloud model also had shorter breach lifecycles than organizations that solely adopt a public or private cloud model. It took 48 fewer days for hybrid cloud adopters to identify and contain a breach, compared to public cloud adopters.

XDR technologies helped reduce breach lifecycles by almost a month.

Those 44% of organizations with XDR technologies saw considerable advantages in response times. Organizations with XDR deployed had a data breach lifecycle that was on average 29 days shorter compared to organizations that didn’t implement XDR.

XDR capabilities can help significantly reduce average data breach costs and breach lifecycles. For example, IBM Security QRadar XDR enabled businesses to detect and eliminate threats faster by leveraging its single unified workflow across tools.

The skills gap cost organizations more than half a million dollars in data breach costs.

Just 38% of organizations in the study said their security team was sufficiently staffed. This skills gap was associated with data breach costs that were $550,000 higher for understaffed organizations than for those with sufficiently staffed security teams.

Nearly one-fifth of breaches were caused by a supply chain compromise, which cost more and took nearly a month longer to contain.

A number of major attacks in recent years have reached organizations through the supply chain, such as organizations being breached due to the compromise of a business partner or supplier. In 2022, 19% of breaches were supply chain attacks, at an average cost of $4.46 million, slightly higher than the global average. Supply chain compromises had an average lifecycle that was 26 days longer than the global average lifecycle.

More to Explore

The Cost of a Data Breach Report contains a wealth of information that can help organizations understand potential financial risks and benchmark costs based on a variety of factors. Plus, the report includes recommendations for security best practices based on IBM Security’s analysis of the research.

There’s more to explore in the full report, including:

  • Global findings — the average cost of a data breach in 17 different geographies and 17 industries, including the top country (United States — $9.44 million).
  • Impact of incident response teams and regularly tested incident response plans on cost ($2.66 million in average savings).
  • Frequency and average cost of the most common attack vectors causing the breaches, including stolen credentials (19%, $4.5 million), phishing (16%, $4.91 million) and cloud misconfiguration (15%, $4.14 million).
  • Effects of security measures and technologies, including risk quantification techniques, identity and access management, multi-factor authentication and crisis management teams.
  • Impacts of security vulnerabilities, including security system complexity, attacks in the midst of cloud migration, remote work and compliance failures.
  • Cost of mega breaches of over 1 million records, including the largest breaches of up to 60 million records that cost nearly $400 million.

Register to download a PDF of the complete report.

Register for a webinar with IBM Security experts discussing key findings and best practices.

more from Intelligence & Analytics

Why Threat Analysis Will Continue to Play a Vital Role in Security

Today, the cybersecurity industry faces many challenges. Highly skilled attackers, a daily flood of data full of irrelevant information and false alarms across multiple systems come in amid a severe shortage of skilled workers. In this industry, performing detailed threat analysis with the data you already have will help protect your business. For that, you need threat analysts. These are…

Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine

Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate "Trickbot group" has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine. Between mid-April and mid-June of 2022 the Trickbot group, tracked by X-Force as ITG23 and also known as Wizard Spider,…