It's summer in Spain, and I finally understand why it's so difficult to speed up projects in Europe. Everyone is at the beach or getting away from the imperious weather, which in 2022 is once again setting high-temperature records in several cities on the continent.

This gives me time to analyze and dig deeper into the many reports and information shared across the cybersecurity ecosystem worldwide.

On August 3, IBM presented the "Cost of a Data Breach Report 2022" study, an analysis of the effectiveness of cybersecurity operation programs worldwide that helps us focus our efforts on what can really help companies reduce the impact of the loss or theft of sensitive data.


  • The average cost of data breaches in 2022 is USD 4.35 MM, 2.6% higher than for 2021
  • The average detection time is 207 days and the average containment time is 70 days, for a Dwell Time of 277 days, 10 days less than in 2021.

How is the financial impact of a breach determined?

The IBM report defines a methodology to understand the costs of data loss, considering 4 elements within the assessment:

  • Detection and Escalation
    Activities that help the organization detect the breach.
    • Investigative and forensic activities.
    • Analysis and audit services.
    • Crisis management.
    • Communication to executives and board of directors.
  • Notification 
    Activities that enable the organization to notify data owners, regulators and third parties.
    • Emails, letters, calls, or general news to the owners of the data.
    • Definition of regulatory requirements.
    • Communication with regulators.
    • Contact with external experts.
  • Post Incident Response 
    Activities that help victims of a breach communicate with the company and manage activities with victims and regulators.
    • Help desk and contact lines.
    • Credit monitoring and identity protection services.
    • Legal expenses.
    • Product discounts.
    • Fines by regulatory entities.
  • Lost business
    Activities that attempt to minimize the loss of customers and revenue.
    • Business disruption and reduced income due to unavailability of the systems.
    • Cost of customer loss and new customer acquisition.
    • Brand damage and loss of trust.

This methodology effectively quantifies what a data loss incident can cost operationally, but it does not include other qualitative elements that affect the reputation and sustainability of the business, which we cannot ignore.

What sectors of the economy are most affected by data loss?

The global study helps us understand which sectors are becoming interesting targets for cybercriminals and which, as their cybersecurity posture has evolved, are no longer the main ones. Below we present the evolution of the sectors over the last 3 years, based on the average cost of a data breach.

The most affected sector with an average cost of USD 10.1 MM per Data Breach is HEALTH.

Sectors with industrial control systems (ICS) continue to trust blindly. 25% of those who responded to the survey say they have suffered ransomware or destructive attacks. 80% do not have a secure network architecture that supports interconnection with the IoT cloud and remote access. For this type of organization, the cost of a data breach increased by USD 1.17 MM.


Attack Vectors

The attack vectors remain the same. The highest risk is found in the theft of credentials through techniques such as phishing, or the exposure of credentials through other methods.

Compromised credentials have a cost of USD 4.5 MM and a Dwell Time of 327 days, increasing the cost by 3% compared to 2021 but shortening the time to detect and contain by 14 days.

The third-party software vulnerability vector increased its cost by 5% compared to 2021, rising to USD 4.55 MM, while improving detection and containment time by 2 days.

Cloud misconfiguration is the third vector and the one whose cost increased the most compared to 2021, rising 7% to USD 4.14 MM, with a Dwell Time of 244 days.


What factors increase the probability and impact of a breach?

The following are some of the factors that most increase the risk of a data breach in organizations:

  • Remote work.
  • OT and IoT without security controls.
  • Lack of skills of security personnel.
  • Third parties involved in the attack.
  • Migration to Cloud.
  • Complexity in the Security Model.

When we talk about third parties involved in the attack, we are referring to vectors such as third-party software vulnerabilities and lateral movement of the attacker through third-party access, among others.

Migration to the cloud becomes a critical factor due to a lack of knowledge of shared responsibility models and of controls oriented to cloud-native technologies, which differ greatly from cybersecurity strategies for legacy and on-premises environments.

Lately there has been a lot of talk about simplifying security. Gartner defines the unification of providers as a trend, but we must think about how the entire architecture integrates and improves with continuous learning.

What controls are most effective in reducing the risk of a breach?

This is the first time a comprehensive list of controls, and how they reduce the cost of breaches, is presented.

Platforms with Artificial Intelligence help reduce the impact of a data breach by USD 300,075.

If we review the technological controls that best manage the risk of a data breach, we can focus on:

  • Big Data & AI.
  • Encryption.
  • Identity and Authentication.

Controls integrated into processes and procedures, such as:

  • Security in the Application Life Cycle with an agile DevSecOps approach.
  • Business Continuity.
  • Ongoing purple team exercises to assess our response plans.

Although SOAR is not presented as a key technological control, much emphasis is placed on automating as much as possible in our cybersecurity processes and operations.

Training and skills development become a critical control.

With A3Sec's approach, your clients can reduce the cost of a data breach by up to 51%. Is this true?

For 10 years we have taken on the responsibility of supporting our clients in unified cybersecurity operations, where incident response becomes critical. Our Prevention, Detection and Response approach integrates a series of controls that we take on and operate continuously, constantly evolving. With this analysis carried out by IBM, we understand that several of our controls contribute significantly to mitigating the risk of a data breach. Below we show our capabilities, the associated controls, and the amount by which each reduces that risk.

Let us Shield you!

A3Sec Group has spent more than 20 years transforming the cybersecurity function into a data-supported function, developing a SIEM and implementing its security operations centers in hundreds of organizations. It has developed capabilities that turn managed services into a Unified Cybersecurity Operation service through its CSVD®. Do you want to know more? Let us shield you!

