IBM Security’s 2022 “Cost of a Data Breach Report”

This year’s “Cost of a Data Breach Report” from IBM Security was released last month, containing research gathered from 550 organizations impacted by data breaches between March 2021 and March 2022, spanning across 17 different industries. Some of the most striking threat statistics were found in healthcare, and for the 12th year in a row the healthcare industry had the highest average cost of a breach.

The Findings

Here are some other findings that healthcare providers and the organizations that support them should be aware of:

Data breaches in healthcare cost organizations an average of $10.1 million each, nearly double what a breach cost in the financial industry (the second most costly industry). This is “a 9.4 percent increase from the 2021 report, and a 41.6 percent increase from 2020.”

83 percent of the 550 organizations analyzed reported that this was NOT their first data breach. As stated in the report, “with security teams handling more incidents every year and considering the impact of remote work on security, it’s likely the recurrence of breaches is climbing.”

The average time it took for an organization to identify and contain a breach last year was 277 days, a slight drop from the year before. Researchers have also found that a shorter data breach lifecycle is consistently associated with a lower overall cost.

In industries that are highly regulated (especially in healthcare), organizations “tended to see costs accrue in later years following the breach.” Long after a breach occurred, these industries were still feeling a significant financial impact, with an average of 24 percent of the data breach cost being accrued over two years after the breach.

The most common starting point for a cyberattack last year was “stolen or compromised credentials,” followed closely by phishing scams and cloud misconfiguration. Attacks that used compromised credentials were the hardest to identify, resulting in a longer data breach lifecycle, but phishing scams proved to be the most costly form of attack.

How to Mitigate Your Risk

Check out the full report to see where most attacks came from and what factors increased or decreased the likelihood and potential cost of a breach. As you might expect, training employees, having good cybersecurity tools and processes, and staying on top of compliance requirements have shown up as critical ways to minimize the various harmful effects of cyberthreats.

The financial cost of a breach is influenced by OCR (HHS Office for Civil Rights) penalties, which depend primarily on whether a proper Security Risk Analysis has been conducted. This is why fulfilling HIPAA compliance requirements is so important: not only to discover vulnerabilities before a breach occurs, but also to mitigate some of the financial burden post-breach.

If you have questions about cybersecurity, compliance, and/or how you can be protecting your organization from a data breach, reach out to your team at Medcurity.