The average cost of a data breach in France is 4.27 million euros, down from 4.5 million euros last year, according to IBM’s latest report on the subject, an annual study called “The Cost of a Data Breach.” This figure, which is slightly lower but relatively stable, places France in the middle of the 17 countries included in this study.
With an average of $4.35 million per incident (€4.28 million), this cost has nevertheless reached a new record, rising by 12.7% over the past two years. American companies recorded the highest average cost, which rose 4.3% to $9.44 million. For businesses in the Middle East, this average cost reached $7.46 million, up from $6.93 million in 2021. Canada, the UK and Germany round out the top of the ranking with average losses of $5.64 million, $5.05 million and $4.85 million.
The study by the Ponemon Institute for Big Blue is based on an analysis of data breaches that affected 550 organizations between March 2021 and March 2022. ) has already been a victim of similar actions. 60% of businesses said they raised the prices of their products and services because of losses.
207 days to detect a leak
On average, it took targeted companies 207 days to identify a data breach. It then took them 70 days to contain it. This is an overall decrease of a few days compared to last year’s results (212 days to detect a breach and 75 days to stop it). Human error, meaning negligent actions by employees or external contractors, accounted for 21% of incidents. A slightly smaller share (19%) is accounted for by IT attacks by vendors. The average cost of these hacks is slightly higher ($4.46 million). And, above all, they represent crises lasting more than 26 days, which shows that they are more difficult to identify and contain.
Finally, about 11% of breaches were caused by ransomware attacks. This method has grown sharply, by 41%, having accounted for only about 8% of computer hacks last year. However, the average cost of these attacks has decreased slightly, from $4.62 million in 2021 to $4.54 million. The most common attack vectors are credential theft or compromise, followed by phishing.
The health sector suffers the biggest losses
Broken down by the victim companies' sector, medical firms posted a record average cost of $10.1 million per data breach. This is almost $1 million more than in 2021.
For companies in the sector, this value has increased by 41.6% since 2020. For financial services companies, the average cost of a data breach amounts to $5.97 million.
Overall, companies working on critical infrastructure reported an average cost of $4.82 million. This is $1 million more than the average value seen by companies in other sectors. 28% of organizations operating critical infrastructure have suffered a disruptive or ransomware attack, and 17% have experienced a breach by a vendor.
Impact of security policies
The IBM study also attempted to measure the impact of security policies. 80% of critical infrastructure companies that did not implement Zero Trust, an information security model that denies access to applications and data by default, spent an average of $1.17 million more to contain data breaches.
Similarly, companies that deployed AI and security automation tools cut their data breach costs by $3.05 million. A remote work-related data breach costs $4.99 million per incident, an average of nearly $1 million more.
The study reports that the 62% of companies that said they lacked cybersecurity staff spent $550,000 more. Finally, the bill for companies affected by ransomware is $630,000 lower for those who choose to pay the ransom. But this sum is misleading: it does not take into account the amount extorted from the victim.