Couldn’t attend Transform 2022? Check out all the top sessions in our on-demand library now! Look here.
As enterprises set records for cybersecurity spending, the cost and severity of breaches continue to rise. IBM’s latest data breach report provides insight into why there is a growing gap between corporate cybersecurity spending and record data breach costs.
This year, 2022, is on track to be a global record year for corporate breaches, with the average cost of a data breach reaching $4.35 million. That’s 12.7% higher than the average cost of a data breach in 2020, which was $3.86 million. It also found a record 83% of companies reporting more than one breach and that the average time to identify a breach is 277 days. As a result, enterprises need to look at their cybersecurity tech stacks to see where the gaps are and what can be improved.
Enhanced security around privileged access credentials and identity management is a great first place to start. More enterprises need to define identities as their new security perimeter. IBM’s research found that 19% of all breaches start with compromised privileged credentials. Breaches caused by compromised credentials lasted an average of 327 days. Privileged access data are also bestsellers on the Dark Web, with a high demand for access to financial services IT infrastructure.
The study also reveals how reliant enterprises remain on implicit trust in their security and broader IT infrastructure tech stacks. The gaps in cloud security, identity and access management (IAM), and privileged access management (PAM) can lead to costly breaches. Seventy-nine percent of critical infrastructure organizations have not implemented a zero-trust architecture, while zero trust can reduce average losses from breaches by nearly $1 million.
Enterprises should think of implicit trust as the unlocked backdoor that gives cybercriminals access to their systems, credentials and most valuable confidential data to reduce the number of breaches.
What companies can learn from IBM’s data on healthcare breaches
The report quantifies how large the gap in healthcare cybersecurity is growing. IBM’s report estimates that the average cost of a healthcare data breach is now $10.1 million, a record and nearly $1 million more than last year’s $9.23 million. Healthcare has the highest average breach costs for 12 consecutive years, up 41.6% since 2020.
The findings suggest the skyrocketing cost of breaches is fueling inflation as runaway prices put financial pressure on global consumers and businesses. Sixty percent of organizations surveyed by IBM say they have increased their product and service prices as a result of the split, as supply chain disruptions, the war in Ukraine and lukewarm demand for products persist. Consumers are already struggling to cover healthcare costs, likely to increase by 6.5% next year.
The study also found that nearly 30% of infringement costs are incurred 12 to 24 months later, which translates into permanent price increases for consumers.
“Clearly, cyber-attacks are evolving into market stressors that trigger chain reactions, [and] we see these breaches adding to that inflationary pressure,” said John Hendley, head of strategy for IBM Security’s X-Force research team.
Get quick wins in encryption
For healthcare providers with limited cybersecurity budgets, prioritizing these three areas can lower the cost of a breach while making progress toward zero-trust initiatives. The right identity access management (IAM) is at the heart of a practical zero-trust framework, one that can adapt quickly and protect the identities of people and machines. IBM’s research found that of the zero-trust components measured in the study, IAM is the most effective in reducing the cost of breaches. Leading IAM includes Akamai, Fortinet, Ericom, Ivanti, Palo Alto Networks and others. Ericom’s ZTEdge platform is notable for its combination of ML-enabled identity and access management, zero-trust network access (ZTNA), micro-segmentation, and secure web gateway (SWG) with external browser isolation (RBI) and Web Application Isolation.
The mission of VentureBeat is a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more about membership.