Healthcare organizations saw average cost per breach at $10.1 million, more than double the global average.

The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches.

The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. According to the report, about 83% of the organizations have experienced more than one breach in their lifetime, with nearly half of the costs reported to be incurred more than a year after the breach.

Cloud and critical infrastructure remain at high risk

The report revealed that ransomware and destructive attacks represented 28% of breaches among critical infrastructure organizations studied, indicating that threat actors are specifically targeting the sector to disrupt the global supply chain. The critical infrastructure sector includes financial services, industrial, transportation, and healthcare companies.

The report also noted that in the US, even a year after the Biden administration issued a cybersecurity executive order mandating federal agencies to adopt a zero-trust security model, only 21% of critical infrastructure organizations surveyed have done so, raising costs by $1.17 million for those who did not. Seventeen percent of the critical infrastructure breaches were caused by a business partner being initially compromised.

Cloud computing infrastructure is an even easier target because of the security immaturity it suffers, according to the report.
“Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organizations with mature security across their cloud environments,” it added.

Hybrid cloud, however, has offered a silver lining in digital transformation as organizations adopting hybrid clouds (45%) have witnessed lower breach costs than the ones with a solely public or private cloud model, according to the report. While the breach cost for hybrid cloud averaged $3.8 million, public clouds recorded $5.02 million while private clouds recorded $4.24 million in breach costs respectively.

Overall, 45% of the breaches occurred in the cloud, making cloud architecture the most sought after target. Forty-three percent of the organizations said they are either still in the early stages or have not started implementing security solutions to protect their cloud infrastructure.

While compromised credentials were the leading cause of data breaches among companies surveyed (at 19%), phishing—in second place at 16%—has emerged as the costliest, leading to $4.91 million in average breach costs for responding organizations, the report underlined.

Healthcare sector hit hardest by breach costs

Healthcare has been for the last 12 years and continues to be the industry hit hardest by the cost of breaches, with average costs per breach increasing by $1 million to a record total of $10.1 million.

According to the report, businesses that paid threat actors’ ransom demands saw $610,000 less in average breach costs compared to those that chose not to pay—not including the ransom amount paid.
However, when accounting for the average ransom payment, which according to Sophos reached $812,000 in 2021, businesses that opt to pay the ransom could net higher total costs—all while inadvertently funding future ransomware attacks with capital that could be allocated to remediation and recovery efforts. Organizations suffering data breaches could also be looking at costs of federal offenses.

Among concerning factors, 62% of the surveyed organizations stated they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed. Implementing security AI and automation has helped reduce costs by $3.05 million on average, the report added.