The global average cost of a data breach increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022 — the highest it’s been in the history of IBM Security’s “The Cost of a Data Breach Report.”

Now in its 17th year, the report, conducted by Ponemon Institute, studied 550 organizations impacted by data breaches between March 2021 and March 2022. The breaches occurred across 17 countries and regions and in 17 different industries.

In addition, IBM Security conducted 3,600 interviews with individuals from organizations impacted by the data breaches to determine the cost to organizations across different activities related directly to both immediate and prolonged incident response (IR). The report examined root causes, short-term and long-term consequences of data breaches, and the mitigating factors and technologies that allowed companies to limit losses.

Key findings from the IBM Security analysis show:

83% — Percentage of organizations that have had more than one breach

$4.82 million — Average cost of a critical infrastructure data breach

$4.54 million — Average cost of a ransomware attack, not including the cost of the ransom itself

19% — Frequency of breaches caused by stolen or compromised credentials

$1 million — Average increase in cost where remote work was a factor in causing the breach versus when it wasn’t a factor

$2.66 million — Average cost savings associated with an incident response team and regularly tested IR plan

$9.44 million — Average cost of a breach in the United States, the highest of any country

While the study focuses mainly on the financial costs associated with a data breach, the real impact on businesses runs much deeper: reputational loss, legal liability and loss of business and consumer trust.

Organizations should consider the following recommendations, based on the successful security approaches taken by organizations in the study.

1. Adopt a zero trust security model to help prevent unauthorized access to sensitive data.

The study showed that while just 41% of organizations implemented a zero trust security approach, those organizations had potential breach cost savings of $1.5 million with a mature deployment. As organizations incorporate remote work and hybrid multi-cloud environments, a zero trust strategy can help protect data and resources by limiting accessibility and requiring context.

Security tools that share data between disparate systems and centralize data security operations can help security teams detect incidents across complex hybrid multi-cloud environments. Security teams can gain deeper insights, mitigate risks and accelerate response with a zero trust strategy.

2. Protect sensitive data in cloud environments using policy and encryption.

With the increasing amount and value of data being hosted in cloud environments, organizations should take steps to protect cloud-hosted databases.

Mature cloud security practices were associated with breach cost savings of $720,000 compared to no cloud security practices. Using data classification schema and retention programs can also help bring visibility and reduce the volume of sensitive information vulnerable to a breach.

Organizations should protect sensitive information using data encryption and fully homomorphic encryption. Using an internal framework for audits, evaluating risk across the enterprise and tracking compliance with governance requirements can help improve the ability to detect a data breach and escalate containment efforts.

3. Invest in security orchestration, automation and response (SOAR) and extended detection and response (XDR) to help improve detection and response times.

Along with security artificial intelligence (AI) and automation, XDR capabilities can help significantly reduce average data breach costs and breach lifecycles.

According to the study, organizations with XDR deployed shortened the breach lifecycle by 29 days on average compared to organizations that didn’t implement XDR, with a cost savings of $400,000.

SOAR and security information and event management (SIEM) software, managed detection and response services, and XDR can help organizations accelerate incident response with automation, process standardization and integration with existing security tools.

4. Use tools that help protect and monitor endpoints and remote employees.

In the study, breaches where remote work was a factor in causing the breach cost nearly $1 million more than breaches where remote work wasn’t a factor. Unified endpoint management (UEM), endpoint detection and response (EDR) and identity and access management (IAM) cyber technologies can help provide security teams with deeper visibility into suspicious activity.

This oversight involves bring-your-own-device (BYOD) policies and company laptops, desktops, tablets, mobile devices and IoT, including endpoints the organization doesn’t have physical access to. UEM, EDR and IAM can help to speed investigation and response time to isolate and contain the damage in breaches where remote work was a factor.

5. Create and test incident response playbooks to increase cyber resilience.

Two of the most effective ways to mitigate the cost of a data breach are forming an incident response team and extensive testing of the IR plan. Breaches at organizations with IR teams that regularly test their plan saw $2.66 million in savings compared to breaches at organizations with no IR team or testing of the IR plan.

Organizations can respond quickly to contain the fallout from a breach by establishing a detailed cybersecurity incident playbook. Routinely test the plan through tabletop exercises or run a breach scenario in a simulated environment such as a cyber range.

Adversary simulation exercises, also known as red team exercises, can enhance the effectiveness of IR teams by uncovering attack paths and techniques they might miss and identifying gaps in detection and response capabilities.

An attack surface management approach can help organizations improve their security posture by locating previously unknown exposure points through simulations of an authentic attack experience.

For more information, visit