The Growing Cost of Data Breaches, Especially in Healthcare
Limor Kessem of IBM Security Discusses Annual Report Findings
Healthcare data breaches cost on average about $10.1 million per incident, more than double the average cost of breaches across other industries. That figure ranks healthcare as the sector with the most expensive data breaches, says Limor Kessem, principal consultant of cyber crisis management at IBM Security.
IBM just released its annual Cost of a Data Breach Report, for which it commissioned the Ponemon Institute to poll the private sector for breach data, obtaining results from 550 organizations in 17 industries globally between March 2021 and March 2022.
The average cost of breaches across all industries has reached an all-time high of about $4.35 million, Kessem says in an interview with Information Security Media Group.
Data breach costs include related lost business, incident detection and escalation, notification and post-breach response.
Slower Detection, Containment
Healthcare has not only topped other industries for the 12 years in a row Ponemon has studied data breach costs, but it is also slower to identify and contain breaches, Kessem says.
The sector takes nearly 11 months to identify and contain the average data breach, she says. "That's more than 14% longer than other sectors."
"We know that healthcare organizations are stretched thin during the pandemic and they have also seen an increase in attacks, especially over the last three years, with more ransomware extortions," she says.
"Cybercriminals are seeing more leverage in that sector."
In the interview (see audio link below photo), Kessem also discusses:
- The most common types of breaches experienced by healthcare sector entities, and top factors contributing to these incidents and their associated costs;
- Data breach trends in the pharmaceutical sector and other industries;
- The impact of zero trust, automation and other security technologies and approaches on data breach costs.
In her role at IBM, Kessem leverages her more than a decade of experience in cyber risk and security to counsel CSOs, CISOs and CIOs at some of the world's largest corporations and governments. In addition to her work with IBM, she is part of the Tel-Aviv University Blavatnik Interdisciplinary Cyber Research Center.