Over $200 million lost to cyberattacks in 2022 alone, study shows

cyberattack
A receipt showing the estimated cost of cyberattacks to the top 25 companies in the Forbes 2000. Click the image to view in a new tab.

ramsac can now reveal which 25 of the world’s largest public companies listed in Forbes Global 2000 could suffer the biggest financial loss due to cyberattacks, based on 12 months’ financial data up to April 22, 2022. It may be surprising to learn the two companies that have the potential to incur the highest cyberattack costs are both tech giants.

Approximately 83% of the 550 organisations across 17 countries and 17 different industries studied in IBM’s latest Cost of Data Breach Report 2022 experienced more than one data breach, while 60% of breaches led to price increases for customers.

There was an enormous financial penalty to pay for organisations that experienced at least one cyberattack during the period from March 2021 to March 2022. The average cost of a data breach was an all-time high of $4.35 million which is a 2.6% increase on the previous year, and a 12.7% increase on 2020, amounting to major profit loss across all sectors.

The most expensive cyberattacks by sector

For the 12th consecutive year, the health and pharmaceutical sector incurred the highest cyberattack costs.

UnitedHealth Group (6th), Pfizer (8th) and CVS Health (9th) all racked up sizeable cyberattack costs of $10.01 million, $9.46 million and $9.1 million. UnitedHealth is ranked 22nd by Forbes, Pfizer 43rd and CVS 42nd.

The full data is below:

Forbes RankCompanyEstimated Cyberattack Cost (Million)
7Apple$12.86
12Microsoft$11.38
3Saudi Arabian Oil Company$10.87
1Berkshire Hathaway$10.31
11Alphabet$10.19
22UnitedHealth Group$10.01
6Amazon$9.91
43Pfizer$9.46
42CVS Health$9.11
4JPMorgan Chase$7.65
9Bank of America$7.47
34Meta Platforms$7.47
40Johnson & Johnson$7.43
18Wells Fargo$7.15
15ExxonMobil$7.11
36Morgan Stanley$7.09
37Goldman Sachs Group$6.98
27Citigroup$6.96
26Chevron$6.88
19Verizon Communications$6.75
23Walmart$6.74
32Comcast$6.72
20AT&T$6.56
46RBC$5.18
38HSBC Holdings$4.85

To find the total cost of a cyberattack we first considered the cost of the average cyberattack per country and the average cost per industry. Once we had these two costs, to make it more of a fair test, we added the combined total to each company’s % increase or decrease on their value compared to the average company value. This gave us the average total cost of a cyberattack on each company.

Data was taken from Forbes Global 2000 list, IBM’s Cost of a Data Breach report and where needed, company websites.

The importance of cyber defence

The IBM Cost of a Data Breach Report 2022 states that breaches at organisations with fully deployed security Artificial Intelligence (AI) and automation cost on average $3.05 million less than breaches at organisations with no security AI and automation deployed. In other words, fully deployed costs $3.15 million compared to $6.20 million for not deployed – a difference of 65.2% and the largest cost saving in the study at $3.05 million.

Businesses with fully deployed security also experienced a 74-day shorter time to identify and contain a breach than those without fully deployed security.

Similarly, almost three-quarters of organisations claimed to have an incident response (IR) team and 63% of those said they regularly tested their IR plan. Organisations with an IR team and tested IR plan experienced $2.66 million lower breach costs on average than organisations without these cyber defences – a 58% cost saving.

Rise in ransomware attacks

11% of breaches in the Forbes Global 2000 study were ransomware attacks, an increase from 7.8% in 2021. The average cost of a ransomware attack fell slightly from $4.62 million to $4.54 million yet is still higher than the overall average cost of $4.35 million.

Stolen or compromised credentials

The most common cause of a data breach remains stolen or compromised credentials, accounting for 19% with an average cost of $4.50 million. These breaches also had the longest impact, taking 243 days to identify the breach and another 84 days to contain it.

Phishing was the second most common breach at 16% and also the costliest with an average of $4.91 million.

Cyberattacks in numbers

83% – of organisations suffered more than one data breach

60% – of breaches led to customer price increases

79% – of critical infrastructure organisations had no ‘zero trust’ approach

59% – of all organisations that have no ‘zero trust’

45% – of breaches were cloud-based

19% – of breaches occurred because of a compromise at a business partner USD $4.35m – average total cost of a data breach

USD $4.82m – average cost of a critical infrastructure data breach

USD $4.54m – average cost of a ransomware attack

USD $1m – different in cost where remote work was a factor in a breach compared to when it was not

USD $5.05m – the UK’s average cost of a data breach

USD $3.05m – average cost saving with deployed security AI and automation

USD $2.66m – average cost saving with an IR team and tested plan

12 years – consecutive years the health and pharma industry had the highest average cost of a breach.

ramsac is an IT support company based in Godalming, Surrey. With specialisms in cybersecurity and Microsoft, ramsac have helped over 1000 local and national businesses with their IT over their 30 years in business. Founded by Rob May, a renowned cybersecurity expert, and Sally Cooper, in 1992, ramsac now works with a variety of well-known companies to help them with their IT. Their latest service, the Cyber Resilience Certification, helps companies to demonstrate their competence in cybersecurity to other suppliers and partners.

Related Posts

  • The importance of cybersecurity contingency planning for businesses

    The importance of cybersecurity contingency planning for businesses

    Cybersecurity

    Protect your data from cybercriminals and minimise downtime with an effective cybersecurity contingency plan. Read on. [...]

    Read article

  • How to Spot a Scam HMRC Letter 

    How to Spot a Scam HMRC Letter 

    Cybersecurity

    Learn how to spot fraudulent communications, like fake HMRC letters, and take steps to protect your personal information and finances from scammers. [...]

    Read article

  • What is Data Loss Prevention (DLP)?

    What is Data Loss Prevention (DLP)?

    CybersecurityTechnical Blog

    Explore how Data Loss Prevention (DLP) strategies and tools protect sensitive data, ensure regulatory compliance, and mitigate risks from insider threats, enabling organisations to stay secure and resilient in [...]

    Read article

  • AI-Driven Threat Detection and Response

    AI-Driven Threat Detection and Response

    AICybersecurityTechnical Blog

    This blog explores how AI-driven cybersecurity is transforming threat detection and response with real-time, adaptive defenses against evolving cyber threats. [...]

    Read article

  • Why you should invest in Cybersecurity Consultancy

    Why you should invest in Cybersecurity Consultancy

    Cybersecurity

    n an increasingly complex cyber threat landscape, investing in cybersecurity consultancy is essential to protect your business from potential risks and ensure long-term resilience. [...]

    Read article

  • Everything you need to know about the transition to ISO 27001:2022 

    Everything you need to know about the transition to ISO 27001:2022 

    Cybersecurity

    This blog explains the essential steps and timeline for transitioning from ISO 27001:2013 to ISO 27001:2022, ensuring your organisation maintains its certification before the October 2025 deadline. [...]

    Read article

Quiz yourself

Are you more cyber savvy than an 11 year old?

11-14 year olds get asked these questions in school. Could you get these right?