Cost Of Data Breach Report


Cost Of Data Breach Report

The Cost of a Data Breach Report offers IT, risk management and security leaders a lens into factors that can increase or help mitigate the rising cost of data breaches.

This research — conducted independently by Ponemon Institute, and sponsored, analyzed and published by IBM Security® — studied 550 organizations impacted by data breaches that occurred between March 2021 and March 2022.

We also try to form a more relevant picture of the risks and strategies for securing data and responding to a breach, from artificial intelligence (AI) to zero trust. Covering some of the technologies most companies focused on in the past year, the 2022 edition of this report has new analysis related to the value of the following:

  • Extended detection and response (XDR)
  • The use of risk quantification techniques
  • Impacts of individual technologies that contribute to a zero trust security framework, such as identity and access management (IAM) and multifactor authentication (MFA)

Furthermore, the report takes a broader look at some leading contributors to higher data breach costs. For the first time, the report looks at the effects of supply chain compromises and the security skills gap.

The report examines areas of security vulnerability from the cloud to critical infrastructure. And we take a deeper dive than past years into the impacts of ransomware and destructive attacks. Also studied is the phenomenon of remote work that continues to be a reality for many organizations past the peak of the COVID pandemic.

As companies experience more breaches and costs continue to climb, this report can serve as a tool to help your teams better manage risk and limit potential losses.

Key findings

The key findings described here are based on IBM Security analysis of research data compiled by Ponemon Institute.

83% – Percentage of organizations that have had more than one breach

Eighty-three percent of organizations studied have experienced more than one data breach, and just 17% said this was their first data breach. Sixty percent of organizations studied stated that they increased the price of their services or products because of the data breach.

USD 4.35 million – The Average total cost of a data breach

Reaching an all-time high, the cost of a data breach averaged USD 4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was USD 4.24 million. The average cost has climbed 12.7% from USD 3.86 million in the 2020 report.

Update: in 2023, the average cost of a data breach has reached a record high of USD 4.45 million.


USD 4.82 million – The Average cost of a critical infrastructure data breach

The average cost of a data breach for critical infrastructure organizations studied was USD 4.82 million — USD 1 million more than the average cost for organizations in other industries.

Critical infrastructure organizations included those in the financial services, industrial, technology, energy, transportation, communication, healthcare, education and public sector industries. Twenty-eight percent experienced a destructive or ransomware attack, while 17% experienced a breach because of a business partner being compromised.

USD 9.44 million- The Average cost of a breach in the United States, the highest of any country

The top five countries and regions for the highest average cost of a data breach were the United States at USD 9.44 million, the Middle East at USD 7.46 million, Canada at USD 5.64 million, the United Kingdom at USD 5.05 million and Germany at USD 4.85 million. The United States has led the list for 12 years in a row.

Meanwhile, the country with the fastest growth rate over last year was Brazil, a 27.8% increase from USD 1.08 million to USD 1.38 million.

@Cost Of Data Breach Report

By Ponemom Institute