10 statistics that show the cost of a data breach to companies

wutzkohphoto // Shutterstock How many businesses are ready to pony up several million in additional expenses this year? If history is any indicator, hundreds of companies will need to face the reality of cleaning up after a data breach before this time next year. While a data breach costs a company millions on average, the toll can extend even further than just cleanup. Beyond Identity collected figures and statistics from IBM’s 2022 Cost of a Data Breach Report to understand how data breaches impacted companies and consumers. For the report, IBM conducted more than 3,000 interviews at 550 organizations that experienced a data breach. A breach can cost the affected business $4.1 million on average globally. A data breach in the U.S. costs $9.44 million on average–the highest of any country in the world. Billions of dollars in investments poured into cybersecurity startups in 2020, as companies began allowing employees to work from home for public health reasons. Demand for remote authentication rose as more workers logged in from multiple locations. Investors weren’t just betting on a remote work future–the case for heightened IT security had already been made prior to the pandemic. The number of companies hit by hackers looking to steal data increased significantly during the decade preceding COVID-19’s arrival in the U.S.–and that trend is continuing. With less than five months remaining, 2022 is already shaping up to be a marquee year for cyberattacks.  Remediation of servers and IT equipment after a breach can be costly. A data breach can also trigger government fines and legal fees in addition to actual costs. ut businesses also have to quantify the intangible losses to their reputations that could spread from a data breach. If a thief gets away with intellectual property, the targeted business could lose its competitive edge in the market. The theft could also cause a loss of revenue for months or even years afterward. Data breaches impact a company’s brand as well. Minneapolis-based retail giant Target not only had to pay an $18.5 million settlement as a result of its infamous breach of credit card data in 2013, but it also had to worry about the subsequent damage to its reputation that executives pointed to for slumping sales. The costs that accrue from these attacks are myriad, and companies’ vulnerabilities are only increasing as more businesses move operations online and to the cloud. With tensions between the U.S. and countries like Russia, North Korea, and China heating up, threat levels will likely remain heightened. U.S. House Rep. Nancy Pelosi’s visit to Taiwan recently triggered cyberattacks said to have originated in China. And Iran and entities related to the Islamic Republic have been conducting ransomware attacks against U.S. organizations since late 2020, according to cybersecurity firm CrowdStrike’s latest report on global cyberthreats. 83% of organizations reported more than one data breach BEST-BACKGROUNDS // Shutterstock A majority of the organizations that experienced a data breach last year experienced multiple breaches, IBM’s latest report reveals, and recurrence of data breaches is likely to increase. The report also suggests that as workplaces have moved out of the office and into homes, organizations have become more vulnerable to recurring attacks. Tech giants like Yahoo, Amazon, and Facebook have experienced repeated data breaches over the past decade. Attackers don’t just use malware, but also social engineering. In some repeated breaches, vulnerabilities that weren’t detected and patched in the initial attack were exploited again. In others, the attacker was able to manipulate workers–if the current or ex-worker isn’t the attacker–to gain access to IT systems. The average cost of a data breach was $4.35 million Rawpixel.com // Shutterstock The average cost of a data breach has jumped since the turn of the decade. IBM’s 2020 report calculated an average cost of $3.86 million–the most current data reflects an increase of 12.7%. The cost was lowest among public sector organizations and highest for health care organizations. Health care businesses have suffered some of the most wide-reaching data breaches exposing millions of peoples’ sensitive records, including in some cases Social Security numbers. The average cost of a ransomware attack was $4.54 million Yurich // Shutterstock The average cost globally of a ransomware attack was $4.54 million in 2022, per IBM. The total figure doesn’t include the cost of the payment made to the culprits demanding the ransom. The cost of this kind of data breach is just slightly higher than the overall average cost of all data breaches. A 2022 study by Cyberseason suggests that the majority of companies that suffer ransomware attacks pay a ransom fee to the attacker. Experts deem paying a ransom futile. Most attackers will return demanding a second ransom, because the victim was willing to pay the first time. The FBI does not condone paying ransom fees, and warns that doing so doesn’t guarantee data will be recovered. Even after being paid the ransom, attackers can maintain copies of stolen information, and sell it for additional profit. Unfortunately, a faceless cybercriminal is not beholden to contracts or agreements. A business may not know the data has been sold until user data emerges later or is exploited for further social engineering to steal employee identities. Data breaches cost the health care industry $10.1 million–the highest of any field NicoElNino // Shutterstock No sector of the U.S. economy is more targeted than the health care industry. And for good reason–the health care industry maintains databases full of sensitive information that can be useful to criminals looking to steal identities. Hospitals are also critical infrastructure, privatized in the U.S., and remain a target for ideologically motivated foreign adversaries looking to disrupt Americans’ way of life. The sector has led the ranking of costliest data breaches for the last 12 years IBM has performed its study. In 2022, there were at least 395 documented attacks on health care institutions in the U.S., according to the U.S. Department of Health and Human Services. Health systems based in Texas, Arizona, and Massachusetts have suffered data breaches that have impacted millions of consumers. 60% of organizations increased consumer prices due to a data breach