IBM report shows healthcare has a growing cybersecurity gap

Couldn't attend Transform 2022? Check out all the summit sessions in our on-demand library now! Look here.

As companies set records for cybersecurity spending, the cost and severity of breaches continue to soar. IBM's latest Data Breach Report explains why there's a growing mismatch between corporate spending on cybersecurity and the record costs of data breaches.

2022 is on track to be a peak year for enterprise breaches globally, with the average cost of a data breach reaching $4.35 million. That's 12.7% more than the average cost of a data breach in 2020, which was $3.86 million. It also found a record 83% of companies reporting more than one breach and the average time to identify a breach is 277 days. Therefore, companies need to examine their cybersecurity technology stacks to see where the gaps are and what can be improved.

Strengthened security around privileged access credentials and identity management is a great place to start. More and more companies need to define identities as their new security perimeter. IBM's study found that 19% of all breaches start with compromised privileged credentials. Breaches caused by compromised credentials lasted an average of 327 days. Privileged access credentials are also bestsellers on the dark web, with high demand for access to financial services IT infrastructure.

The study also shows how reliant enterprises remain on implicit trust in their broader IT infrastructure and security technology stacks. Gaps in cloud security, identity and access management (IAM), and privileged access management (PAM) enable costly breaches. Seventy-nine percent of critical infrastructure organizations have not deployed a zero-trust architecture, yet zero-trust can reduce average losses per breach by almost $1 million.

Organizations should view implicit trust as an unlocked door that allows cybercriminals access to their most valuable systems, credentials, and confidential data to reduce the incidence of breaches.

What companies can learn from IBM's health breach data

The report quantifies the extent of the cybersecurity gap in healthcare. IBM's report estimates the average cost of a healthcare data breach is now a record high $10.1 million and nearly $1 million compared to the $9.23 million in the last year. Healthcare has had the highest average cost of breaches for twelve consecutive years, increasing 41.6% since 2020.

The findings suggest that the skyrocketing cost of breaches is adding inflationary fuel to the fire, as runaway prices cost consumers and businesses around the world financially. Sixty percent of organizations participating in IBM's study say they raised the prices of their products and services due to the breach, as supply chain disruptions, the war in Ukraine and weak demand for products are continuing. Consumers are already struggling to cope with healthcare spending, which is likely to rise 6.5% next year.

The study also found that nearly 30% of breach costs are incurred 12 to 24 months later, translating into permanent price increases for consumers.

"It's clear that cyberattacks evolve into market stressors that set off chain reactions, [and] we're seeing these breaches contribute to these inflationary pressures," said John Hendley, chief strategy officer for the IBM Security's X-Force search. crew.

Get quick wins in encryption

For healthcare providers with limited cybersecurity budgets, prioritizing these three areas can reduce the cost of a breach while moving toward zero-trust initiatives. Getting Identity Access Management (IAM) right is at the heart of a practical zero-trust framework, which can scale quickly and protect human and machine identities. The IBM study found that