Jul 28, 2022 16:00:00

The amount of damage caused by information leaks reached a record high, and the cost increase was for consumers

On July 27, 2022, IBM announced the results of an investigation into the 'data breach costs' that victim organizations would incur in the event of a data breach such as ransomware. As a result, the average cost of data breaches reached a record high of $ 4.35 million (about 588 million yen), and the fact that such costs are being passed on to product prices became apparent.

Cost of a Data Breach Report 2022 | IBM

https://www.ibm.com/security/data-breach

IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High
https://newsroom.ibm.com/2022-07-27-IBM-Report-Consumers-Pay-the-Price-as-Data-Breach-Costs-Reach-All-Time-High

According to IBM, the average global cost of data breaches in 2022 was $ 4.35 million, an increase of nearly 13% over the last two years. In addition, 60% of the organizations surveyed are raising prices for products and services due to data breaches, which may have spurred inflation and increased costs in the global economy. Was shown.

In this report, a thorough analysis of the data breaches experienced by 550 organizations worldwide between March 2021 and March 2022, 83% of the affected organizations experienced two or more data breaches. It has also been shown that nearly 50% of data breach costs occur more than a year after the breach occurs, IBM said: 'The aftereffects of data breaches on organizations continue to persist for long periods of time. , Will increase over time. '

Despite data breaches being a problem, about 80% of the critical infrastructure organizations surveyed do not adopt a

zero trust strategy, and those organizations cost an average of $ 5.4 million (about 700 million). It was 31 million yen), which was 1.17 million dollars (158 million yen) higher than the organization that employs it. Twenty-eight percent of the data breaches experienced by these organizations were due to ransomware and devastating attacks.

Also, ransomware shouldn't be paid for, but this report once again highlights that. Studies show that if ransomware victims choose to pay the ransom, the cost of infringement is reduced by an average of only $ 610,000 compared to choosing not to pay.

Since the reduction does not include the ransom itself, IBM suggests that paying the ransom alone is not an effective strategy given that ransomware victims are required to pay a large amount of ransom. Will be done. '

The amount of ransom required for a ransomware attack is increasing year by year. For example, the ransom paid by a major PC maker Acer in a ransomware attack in 2021 was $ 50 million (about 50 million dollars at the rate at that time). It was 5.4 billion yen).

Acer suffers ransomware damage, ransom is more than 5 billion yen, the highest ever-GIGAZINE

In addition to this, in this report, '43% of the target organizations are inexperienced in cloud security measures, and the average data breach cost was 660,000 dollars (about 89 million yen) higher than the organization with sufficient cloud security.' And, 'Organizations that have introduced security AI and automation have an average data breach cost of $ 3.05 million (about 421 million yen) less than organizations that do not, and the cost of data breach due to AI and automation. Can be greatly compressed. '

In this regard, Charles Henderson, global head of IBM Security X-Force , said, 'Companies need to move from security defense to offensive and defeat attackers. Now is the time to prevent opponents from achieving their goals. It's time to move to minimize the impact of the attack. The less companies invest in detection and response and the more enthusiastic they are to build lines of defense, the more likely they are to drive higher data breach costs. ' He said that there is a need to aggressively respond to attacks such as ransomware.