Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
While enterprises are setting records in cybersecurity spending, the cost and severity of breaches continue to soar. IBM’s latest data breach report provides insights into why there’s a growing disconnect between enterprise spending on cybersecurity and record costs for data breaches.
This year, 2022, is on pace to be a record-breaking year for enterprise breaches globally, with the average cost of a data breach reaching $4.35 million. That’s 12.7% higher than the average cost of a data breach in 2020, which was $3.86 million. It also found a record 83% of enterprises reporting more than one breach and that the average time to identify a breach is 277 days. As a result, enterprises need to look at their cybersecurity tech stacks to see where the gaps are and what can be improved.
Enhanced security around privileged access credentials and identity management is an excellent first place to start. More enterprises need to define identities as their new security perimeter. IBM’s study found that 19% of all breaches begin with compromised privileged credentials. Breaches caused by compromised credentials lasted an average of 327 days. Privileged access credentials are also bestsellers on the Dark Web, with high demand for access to financial services’ IT infrastructure.
The study also shows how dependent enterprises remain on implicit trust across their security and broader IT infrastructure tech stacks. The gaps in cloud security, identity and access management (IAM) and privileged access management (PAM) allow expensive breaches to happen. Seventy-nine percent of critical infrastructure organizations didn’t deploy a zero-trust architecture, when zero trust can reduce average breach losses by nearly $1 million.
Enterprises need to treat implicit trust as the unlocked back door that allows cybercriminals access to their systems, credentials and most valuable confidential data to reduce the incidence of breaches.
What enterprises can learn from IBM’s data on healthcare breaches
The report quantifies how wide healthcare’s cybersecurity gap is growing. IBM’s report estimates the average cost of a healthcare data breach is now $10.1 million, a record and nearly $1 million over last year’s $9.23 million. Healthcare has had the highest average breach cost for twelve consecutive years, increasing 41.6% since 2020.
The findings suggest that the skyrocketing cost of breaches adds inflationary fuel to the fire, as runaway prices are financially squeezing global consumers and companies. Sixty percent of organizations participating in IBM’s study say, they raised their product and service prices due to the breach, as supply chain disruptions, the war in Ukraine and tepid demand for products continue. Consumers are already struggling to meet healthcare costs, which will likely increase by 6.5% next year.
The study also found that nearly 30% of breach costs are incurred 12 to 24 months after, translating into permanent price increases for consumers.
“It is clear that cyberattacks are evolving into market stressors that are triggering chain reactions, [and] we see that these breaches are contributing to those inflationary pressures,” says John Hendley, head of strategy for IBM Security’s X-Force research team.
Getting quick wins in encryption
For healthcare providers with limited cybersecurity budgets, prioritizing these three areas can reduce the cost of a breach while making progress toward zero-trust initiatives. Getting identity access management (IAM) right is core to a practical zero-trust framework, one that can quickly adapt and protect human and machine identities are essential. IBM’s study found that of the zero-trust components measured in the study, IAM is the most effective in reducing breach costs. Leading IAM includes Akamai, Fortinet, Ericom, Ivanti, Palo Alto Networks and others. Ericom’s ZTEdge platform is noteworthy for its combining ML-enabled identity and access management, zero-trust network access (ZTNA), microsegmentation and secure web gateway (SWG) with remote browser isolation (RBI) and Web Application Isolation.