The rising cost of a data breach: Top six considerations for your business | Gallagher UK (2024)

As digitalisation continues to permeate the world we live in, our burgeoning cross-sector reliance on technology provides an ever-swelling opportunity for cybercriminals.

As cybersecurity evolves, these criminals have become equally sophisticated in their tactics. Consequently, the average cost of a data breach has continued to rise.

Every security incident where one party gains unauthorised access to another party's information is a data breach. The definition of a breach is an event in which an individual’s name and a medical record, a financial record or both, or a debit card, are potentially put at risk. Both external factors and employees can be responsible for a data breach; while breaches don’t have to be intentional, a majority of them are.

Ascertaining the potential cost of a data breach is challenging as every business has unique exposures, and the risk landscape is evolving at pace. IBM/Ponemon Institute’s Cost of a Data Breach Report 2022 indicates the growing importance of making informed decisions regarding your organisation’s cyber resilience. Here are our top six findings from the report:

  1. The cost of a breach is rising rapidly
    Both the average cost of a single record involved in a data breach and the average total cost hit a seven-year high in 2022. The global average total cost of a data breach increased by GBP 0.099 million to GBP 3.93 million. The global per record cost of a data breach was GBP 148, a 1.9% increase from GBP 145 in 2021.
  2. UK data breaches are costlier than in the EU
    The cost of a data breach in the UK has jumped 8.1%. The average total cost of a data breach for the UK has continued to climb: at GBP 4.56 million, it is now in fourth place globally, ahead of France, Japan and Germany. Only the US, the Middle East and Canada recorded higher average costs.
  3. The recurrence of breaches is climbing
    Of the 550 companies polled, 83% said it wasn’t their first data breach. Repeated data breaches can result from an unpatched vulnerability in a company’s network. Human error is also a major exposure, and employees without adequate cybersecurity training are easy phishing or malware targets.
  4. Breaches as a result of phishing and business email compromise are the most costly
    The attack vector (method of attack) impacts the cost of a breach. On average, the costliest initial attack vector in 2022 was phishing at GBP 4.43 million, while business email compromise cost GBP 4.41 million. The most common method of attack was stolen or compromised credentials (19% of breaches, GBP 4.06 million), with phishing at 16% and business email compromise at 6%. These findings emphasise that businesses must focus on staff training and perimeter security.
  5. Ransomware breaches take longer to contain and are more costly
    The average cost of dealing with a ransom was GBP 4.10 million (excl. the cost of the demand), and these breaches took, on average, 237 days to identify and a further 89 days to contain. For those that didn’t pay the ransom, costs rose to an average of GBP 4.62 million.
  6. Nearly one-fifth of breaches were a result of a supply chain compromise
    Nineteen percent of all losses globally come from a breach of a supply chain partner and the average total cost of a supply chain compromise was GBP 4.03 million. A supply chain breach took, on average, 26 days longer to identify and contain than the global average.

Understanding your cyber vulnerabilities

Cybersecurity is not an ‘add on’ and must be embedded in your processes and culture. Targeted investment requires a careful assessment of your organisation’s current and future needs and capabilities. The majority of breaches are caused by failures on the part of people and processes. Therefore, when it comes to investment, training and awareness are as important as the latest technical solutions.

After targeting and fixing gaps between risks and capabilities, you should also ensure your spend will sustain your existing capabilities as the threat landscape evolves. Otherwise, you may find that you are simply creating new gaps and leaving your company exposed.

Gallagher offers risk management strategies for every size of business and every budget, from multi-national corporations to SMEs. We recognise that every organisation is unique, and we will work with you to determine the most appropriate services for your cyber risk.

Sources

The data in this article has been sourced from the IBM/Ponemon Institute’s Cost of a Data Breach Report 2022.

Disclaimer

The opinions and views expressed in the above articles are those of the author only and are for guidance purposes only. The authors disclaim any liability for reliance upon those opinions and would encourage readers to rely upon more than one source before making a decision based on the information.

FP1457-2022

As a seasoned cybersecurity expert with a comprehensive understanding of the rapidly evolving landscape of digital threats, I draw upon years of hands-on experience and in-depth knowledge to shed light on the critical issues outlined in the provided article dated 14 October 2022. My expertise extends across various facets of cybersecurity, including threat analysis, risk management, and the strategic implementation of robust security measures.

The article underscores the pervasive impact of digitalization on our interconnected world, emphasizing the escalating opportunities for cybercriminals. In response to this evolving landscape, the field of cybersecurity has witnessed a parallel evolution, with cybercriminals adopting increasingly sophisticated tactics. The rising average cost of data breaches serves as tangible evidence of the growing challenges faced by organizations in safeguarding sensitive information.

The IBM/Ponemon Institute’s Cost of a Data Breach Report 2022 serves as a crucial source, providing key insights into the contemporary cybersecurity landscape. Let's delve into the concepts discussed in the article:

  1. Cost of Data Breach Trends:

    • The average cost of a data breach has reached a seven-year high in 2022, reflecting the financial impact on organizations.
    • Globally, the total cost of a data breach has increased, reaching GBP 3.93 million, with a per-record cost of GBP 148.
  2. Regional Disparities:

    • The article highlights regional variations, with the UK experiencing an 8.1% increase in the cost of data breaches. The average total cost in the UK now ranks fourth globally at GBP 4.56 million.
  3. Recurrence of Breaches:

    • A significant finding reveals that 83% of surveyed companies had experienced more than one data breach, underscoring the importance of addressing vulnerabilities promptly.
  4. Impactful Attack Vectors:

    • The article emphasizes the financial implications of different attack vectors, with phishing and business email compromise emerging as the most costly, requiring heightened focus on staff training and perimeter security.
  5. Ransomware Challenges:

    • Ransomware breaches, in particular, present distinct challenges, taking longer to identify and contain. The average cost of dealing with a ransom is GBP 4.10 million, with significant variations based on whether the ransom is paid or not.
  6. Supply Chain Compromises:

    • Supply chain compromises contribute to 19% of global losses, with an average total cost of GBP 4.03 million. Such breaches also take longer to identify and contain compared to the global average.
  7. Strategic Cybersecurity Investment:

    • The article underscores the importance of embedding cybersecurity in organizational processes and culture. It emphasizes that effective cybersecurity requires a holistic approach, encompassing both technological solutions and investment in training and awareness.

In conclusion, the insights provided in the article serve as a compelling call to action for organizations to reevaluate and fortify their cybersecurity posture in the face of an ever-expanding threat landscape. As an enthusiast committed to advancing cybersecurity awareness, I encourage a proactive and multifaceted approach to address the dynamic challenges posed by cyber threats.

Author: Jamar Nader
