The average cost of a data breach in France stands at 4.27 million euros, against 4.5 million euros last year, notes IBM’s latest report on this subject, an annual study called “Cost of a Data Breach”. This slightly lower but relatively stable figure places France in the average of the 17 countries included in this study.
With an average amount of 4.35 million dollars per incident (4.28 million euros), this cost has however reached a new record, with an increase of 12.7% over the last two years. US companies recorded the highest average cost. It rose 4.3% to $9.44 million. For businesses in the Middle East, this average cost reached $7.46 million, compared to $6.93 million in 2021. Canada, the United Kingdom and Germany rounded out the top tier, with losses averages of $5.64 million, $5.05 million, and $4.85 million.
Carried out by the Ponemon Institute for Big Blue, the study is based on the analysis of data breaches that affected 550 organizations between March 2021 and March 2022. For 17% of the structures targeted, it was a first, the remaining balance (87%) having already been the victim of similar acts. 60% of businesses said they raised the price of their products and services because of losses.
207 days to identify the leak
On average, the targeted companies took 207 days to identify the data breach. It then took them 70 days to contain it. That is an overall drop of a few days compared to last year’s results (212 days to identify the violation and 75 days to contain it). Human error, the negligent actions of employees or external contractors, was the cause of 21% of incidents. A slightly lower share (19%) results from IT attacks by suppliers. The average cost of these breaches is slightly higher ($4.46 million). And above all, they represent crises longer than 26 days, which shows that they are harder to identify and contain.
Finally, some 11% of breaches were caused by ransomware attacks. A mode of operation up sharply, by 41%, which represented only about 8% of computer hacks last year. However, the average cost of these attacks has decreased slightly, from $4.62 million in 2021 to $4.54 million. The most common attack vectors are credential theft or compromise, followed by phishing.
The health sector deplores the highest losses
If we look at the average cost according to the activity of the victim companies, we observe that the health firms recorded a record average cost of 10.1 million dollars per data breach. That’s an increase of nearly $1 million from 2021.
For companies in the sector, this cost has increased by 41.6% since 2020. It also stands at $5.97 million per data breach for financial services companies.
Overall, companies working on critical infrastructure reported an average cost of $4.82 million. This is $1 million more than the average cost observed by companies in other sectors. 28% of organizations operating critical infrastructure have suffered a destructive or ransomware attack and 17% have had to deal with a vendor hack.
Impact of security policies
The IBM study also attempted to measure the impact of security policies. Thus, 80% of critical infrastructure companies that have not adopted Zero Trust, this information security model that denies access to applications and data by default, spent an average of $1.17 million dollars more to contain data leaks.
Similarly, companies that deployed artificial intelligence and security automation tools saw their data breach costs decrease by $3.05 million. At $4.99 million per incident, remote work-related data breaches cost almost $1 million more on average.
The study reports that 62% of companies that said they did not have enough cybersecurity staff had costs $550,000 higher. Finally, the bill for companies victimized by ransomware is lower, at $630,000, than for those who chose to pay the ransom. But this addition is misleading. It does not take into account the amount extorted from the victim.
Source: ZDNet.com