Pagoda Blog

What Business Owners Can Learn from IBM’s Annual Cost of Data Breach Report

October 20, 2022

Every year IBM puts out its Cost of Data Breach report. The report takes a deep dive into the impact of data breaches on businesses worldwide, analyzing “root causes, short-term and long-term consequences of data breaches, and the mitigating factors and technologies that allowed companies to limit losses.” It also includes compelling statistics based on studies of 500 organizations impacted by data breaches that occurred between March 2021 and March 2022, across 17 countries and regions and in 17 different industries. You can download your own copy of the report, but we’ve also put together 7 key takeaways to help business owners better understand the current threat landscape and how to mitigate it.


1. Cost of data breaches hits all-time high 

From 2021 to 2022, the global average cost of a data breach increased by 2.6%, for a total cost of $4.35 million. This is the highest cost of a data breach since IBM began compiling this report 17 years ago.


2. Time is money 

The longer it takes a company to respond to a data breach, the more money is lost. On average in 2022, it took companies 277 days, or 9 months, to identify and contain a breach. Companies that were able to bring this response time down to 200 days or less saved on average $1.12 million.


3. Stolen or compromised credentials were the most common cause of a data breach 

The number one cause of data breaches was stolen or compromised credentials. Breaches attributed to stolen or compromised credentials also took the longest to identify, making them costly as well: $150,000 more than the average data breach. This data highlights the importance of using a secure password management system to store and share credentials, implementing multi-factor authentication across accounts, and cultivating a cybersecurity culture in the workplace.


4. Paying a ransom saves you money - maybe 

Ransomware is on the rise, increasing by 41% over the report’s timeline. Organizations that chose to pay the ransom to regain access to their data saw only $610,000 less in average breach costs. This may seem significant, but the number doesn’t factor in the cost of the ransom itself. Depending on the price of the ransom, these companies may have actually paid more to mitigate the damage of a data breach than companies that chose not to pay.


5. 45% of data breaches were cloud-based

43% of organizations in the study were either in the early stages or had not yet begun applying security practices to safeguard their cloud environments. It’s not surprising then that 45% of data breaches during this time period were cloud-based. Enhanced security and monitoring in the cloud is essential when you take your business online. Make sure your business utilizes a cyber resiliency mindset and not only secures your data in the cloud, but also has a plan in place if and when a data breach occurs.  


6. Data breaches cost the healthcare industry more than any other industry 

For the 12th year in a row, the healthcare industry suffered the highest costs associated with data breaches. Since 2020, the cost of a breach in healthcare has gone up 42%. Second in line is the financial sector. 


7. When remote work is a factor, costs are higher 

The average cost of a data breach was nearly $1 million greater when remote work was a factor. This stresses the importance of employers setting up cybersecurity policies specifically for remote workers. These include a BYOD policy, a password policy, and a clear onboarding and off-boarding process that incorporates cybersecurity.


For a deeper dive into this year’s data, download IBM’s 2022 Cost of Data Breach report here. And if you have any questions about applying the report’s findings to your own business, don’t hesitate to reach out to schedule a consultation with a Pagoda Technologies IT solutions expert. 



About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us to schedule a complimentary IT consultation.

