Phil Muncaster recently published an article on InfoSecurity-magazine.com entitled ‘Fifth of Government Workers Don’t Care if Employer is Hacked’. Muncaster compiled the article using data from an Ivanti poll of 800 public sector workers (USA).
In an environment where data breaches and ransomware attacks are feared by business owners, it is surprising to learn that a culture of unaccountability, poor cyber-hygiene and limited staff training are creating a perfect storm of cyber risk for governments worldwide. Ivanti went so far as to state that many workers are unbothered about the prospect of a serious data breach! It found that a ‘not my job’ attitude is exposing governments to excessive cyber risk.
- 34% of workers recognized that their actions impact their organization’s security posture.
- 36% said they haven’t reported phishing emails in the past.
- 21% said they don’t even care if the organization is hacked.

Ivanti also found poor security practice was widespread:
- 40% used the same password for over a year.
- 34% have used the same password across multiple devices.
- 12% admitted accessing sensitive information they didn’t require for work.
As discussed in a recent blog post, the IBM Cost of a Data Breach Report 2022 revealed that:
- 83% of organizations studied have had more than one data breach.
- 60% of organizations’ breaches led to increases in prices passed on to customers.
The average total cost of a data breach has reached an all-time high, averaging USD 4.35 million in 2022. This figure represents a 2.6% increase from 2021, when the average cost of a breach was USD 4.24 million. The 2022 figure is up 12.7% from USD 3.86 million in the 2020 report.
- 83% of organizations have had more than one data breach.
- 17% said this was their first data breach.
- 60% of organizations studied stated that they increased the price of their services or products because of the breach.
USD 4.54 million is the average cost of a ransomware attack, which doesn’t include the cost of the ransom itself. 11% of breaches in the study were ransomware attacks, an increase from 2021, when 7.8% of data breaches were ransomware attacks. That represents a growth rate of 41%.
On a positive note, the average cost of a ransomware attack dropped slightly, from USD 4.62 million in 2021 to USD 4.54 million in 2022. That is still slightly higher than the overall average total cost of a data breach, USD 4.35 million. This cost does not include the cost of the ransom itself.
Stolen or compromised credentials caused 19% of breaches and are still the most common cause of a data breach. This type of breach had an average cost of USD 4.50 million. These breaches also have the longest lifecycle: 243 days to identify the breach, plus 84 days to contain it.
Phishing was the second most common cause of a data breach at 16% and the most expensive, averaging USD 4.91 million in breach costs.
Who is being most affected by data breaches and ransomware attacks?
The top five industries affected are:
- Healthcare, which has been the industry with the most expensive breach costs for 12 years running, with costs increasing by 41.6% since the 2020 report.
- Financial, averaging USD 5.97 million.
- Pharmaceuticals at USD 5.01 million.
- Technology at USD 4.97 million.
- Energy at USD 4.72 million.
The top five countries and regions for the highest average cost of a data breach were:
- United States at USD 9.44 million
- Middle East at USD 7.46 million
- Canada at USD 5.64 million
- United Kingdom at USD 5.05 million
- Germany at USD 4.85 million.
Statistics sourced from IBM Cost of a Data Breach Report 2022.