Average Data Breach Costs Soar to $4.4M in 2022

Call it a cyber tax: Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services.

Sixty percent of breaches have resulted in companies recouping the cost of fines, clean-up, and technological improvements by increasing prices, essentially making consumers pay for breaches and companies lack of preparedness, according to an annual report published on July 27.
The Cost of Data Breach Report 2022 report, based on a survey of executives and security professionals at 550 companies, says the average cost of a data breach continued to rise in 2022, reaching an average of $4.4 million globally (up 13% since 2020) and $9.4 million in the United States. On average, companies required 277 days to identify and contain data breaches, down from 287 days in 2021, and 83% of companies had suffered more than one breach.
It is clear that cyberattacks are evolving into market stressors that are triggering chain reactions, [and] we see that these breaches are contributing to those inflationary pressures, says John Hendley, head of strategy for IBM Securitys X-Force research team. We have to think about cyber events as factors that are capable of straining the economy, similar to COVID, the war in Ukraine, gas prices, all of that.
The
annual report
, based on surveys conducted by the Ponemon Institute, is not the first attempt to gauge the impact of breaches on businesses balance sheets. Last year, a survey by security-operations firm IronNet found that most companies were affected by the supply chain attack on network management firm SolarWinds, with the average firm
seeing an 11% drop in revenue
due to dealing with the incident.
Overall, experts estimated that the incident would cost SolarWinds itself about
about $18 million
. As for the 18,000 affected businesses and government agencies (and the approximately 100 organizations that were ultimately compromised), they have faced as much as
$100 billion in clean-up costs
, according to analysis.
While cybersecurity experts have increasingly urged companies to count on having their systems compromised, they continue to have problems stopping attackers, and they are passing costs onto consumers, Hendley notes. This suggests that data breaches and cyberattacks are creating a cyber tax, he argues, increasing costs for downstream consumers and clients.
When you think about the fact that 83% of businesses have been breached at least once in their lifetime, I think it becomes difficult to say that we need to apply punitive damages to help prevent breaches, Hendley says. There is always going to be a way in, so I think the best investment that we can have is to try to shift the line from protecting the perimeter to thinking like the attacker.
In addition to the labeling of breaches and fines as a cyber tax, the report highlighted various trends among industries dealing with cyberattacks. Companies that could reduce the overall breach detection and response time to less than 200 days saved $1.1 million, or 23% of the cost of the average breach.
The cost of a single data breach varied significantly based on the type of industry affected. The heavily regulated healthcare sector continued to pay out the highest amount for compromises of data, reaching an average of $10 million per breach in 2022, compared with financial firms that paid an average of $6 million per breach, the second most expensive breach cost. Pharmaceutical companies and technology firms essentially tied for third place, paying about $5 million for each breach.
Ransomware continued to have a significant impact on business, despite signs that — so far this year — ransomware attacks have declined somewhat. The survey found that companies that pay ransoms spend less on clean-up costs, but high ransom totals negate most savings. In addition, 80% of companies that pay ransoms are attacked again, according to
the Ransomware: The True Cost to Business report
published by security firm Cybereason last year.
Other research has highlighted the impact of ransomware on companies that have not adequately prepared for destructive attacks. Two-thirds of global firms hit with ransomware suffered a significant revenue loss, they said, as did 58% of those surveyed at US companies specifically. The attacks overall have led to 31% of global companies shuttering some part of their businesses.
It is interesting to see the cost difference between ransomware victims who chose to pay and those who chose not to, Nicole Hoffman, senior cyber-threat intelligence analyst at Digital Shadows, a digital-risk protection firm. Those who pay are often targeted again within months of the original attack, which would increase financial losses significantly. These factors are important to consider when making the challenging business decision of whether or not to pay.
That said, the initial vector of the attack also had a significant impact on cost. Business email compromise (BEC) and phishing attacks led to the highest average breach costs — about $4.9 million per incident — with third-party vulnerabilities and compromised credentials accounting for damages of approximately $4.5 million per incident.
The IBM-Ponemon report also highlighted technologies that could have the largest impact on data breach costs. Companies that use artificial intelligence and machine learning (AI/ML) technologies, DevSecOps processes, and formed an incident-response team saved about $300,000, $276,000, and $253,000 per incident, respectively.
In contrast, companies that suffered from security system complexity, were migrating the business to the cloud, and had compliance failures saw the largest increases in cost per incident.
The report is based on more than 3,600 interviews with individuals from 550 companies of various sizes, focusing on breaches that involved anywhere from 2,200 to 102,000 records. Breaches outside that range were not included.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Average Data Breach Costs Soar to $4.4M in 2022