cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Companies passing the buck for data breach costs to consumers

As data breaches reach an all-time high, IBM Security has found that 60 per cent of businesses have raised product prices after suffering security incidents.

user iconReporter
Wed, 24 Aug 2022
Companies passing the buck for data breach costs to consumers
expand image

Data from IBM Security's Cost of a Data Breach Report has found breach costs increasing nearly 13 per cent over the last two years of the report, with the findings suggesting these incidents may also be contributing to rising costs of goods and services. For studied organisations, the global average cost of a data breach reached an all-time high of $4.35 million.

According to Charles Henderson, global head of IBM Security X-Force, businesses need to put their security defences on the offence and beat attackers to the punch.

"It's time to stop the adversary from achieving their objectives and start to minimise the impact of attacks.


"The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.

"This report shows that the right strategies coupled with the right technologies can help make all the difference when businesses are attacked," Henderson said.

With costlier and higher-impact data breaches than ever before, IBM Security researchers have found that 60 per cent of studied organisations raised their product or services prices due to a breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues. Almost all of the breached businesses studied stated they increased the price of their products or services due to the data breach.

The perpetuality of cyber attacks has also shed light on the "haunting effect" data breaches are having on businesses, with the IBM report finding 83 per cent of studied organisations have experienced more than one data breach in their lifetime.

Another factor rising over time is the after-effects of breaches on these organisations, which linger long after they occur, as nearly 50 per cent of breach costs are incurred more than a year after the breach.

According to IBM Security researchers, the vast majority of critical infrastructure are lagging in zero-trust adoption and have incurred about $550,000 in extra costs for insufficiently staffed businesses.

Critical infrastructure lags in zero trust

Almost 80 per cent of critical infrastructure organisations studied don't adopt zero-trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. All while 28 per cent of breaches among these organisations were ransomware or destructive attacks.

It doesn't pay, to pay

Ransomware victims in the study that opted to pay threat actors' ransom demands saw only $630,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.

Security immaturity in clouds

Forty-three percent of studied organisations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organisations with mature security across their cloud environments.

Security AI and automation leads as multi-million-dollar cost saver

Participating organisations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organisations that have not deployed the technology the biggest cost saver observed in the study.

The report highlights that 45 per cent of studied breaches occurred in the cloud, emphasising the importance of cloud security, but a significant 43 per cent of reporting organisations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs.

The studied businesses that did not implement security practices across their cloud environments required an average 108 more days to identify and contain a data breach than those consistently applying security practices across all their domains.

The Cost of a Data Breach Report 2022 is based on in-depth analysis of real-world data breaches experienced by 550 organisations globally between March 2021 and March 2022. The research, which was sponsored and analysed by IBM Security, was conducted by the Ponemon Institute.

[Related: Motorola awarded $60m to bolster NSW state emergency cyber security network]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.