Over $200 million lost to cyberattacks in 2022 alone, study shows
Posted on December 21, 2022 by Louise Howland
ramsac can now reveal which 25 of the world’s largest public companies listed in Forbes Global 2000 could suffer the biggest financial loss due to cyberattacks, based on 12 months’ financial data up to April 22, 2022. It may be surprising to learn the two companies that have the potential to incur the highest cyberattack costs are both tech giants.
Approximately 83% of the 550 organisations across 17 countries and 17 different industries studied in IBM’s latest Cost of Data Breach Report 2022 experienced more than one data breach, while 60% of breaches led to price increases for customers.
There was an enormous financial penalty to pay for organisations that experienced at least one cyberattack during the period from March 2021 to March 2022. The average cost of a data breach was an all-time high of $4.35 million which is a 2.6% increase on the previous year, and a 12.7% increase on 2020, amounting to major profit loss across all sectors.
The most expensive cyberattacks by sector
For the 12th consecutive year, the health and pharmaceutical sector incurred the highest cyberattack costs.
UnitedHealth Group (6th), Pfizer (8th) and CVS Health (9th) all racked up sizeable cyberattack costs of $10.01 million, $9.46 million and $9.1 million. UnitedHealth is ranked 22nd by Forbes, Pfizer 43rd and CVS 42nd.
The full data is below:
| Forbes Rank | Company | Estimated Cyberattack Cost (Million) |
| 7 | Apple | $12.86 |
| 12 | Microsoft | $11.38 |
| 3 | Saudi Arabian Oil Company | $10.87 |
| 1 | Berkshire Hathaway | $10.31 |
| 11 | Alphabet | $10.19 |
| 22 | UnitedHealth Group | $10.01 |
| 6 | Amazon | $9.91 |
| 43 | Pfizer | $9.46 |
| 42 | CVS Health | $9.11 |
| 4 | JPMorgan Chase | $7.65 |
| 9 | Bank of America | $7.47 |
| 34 | Meta Platforms | $7.47 |
| 40 | Johnson & Johnson | $7.43 |
| 18 | Wells Fargo | $7.15 |
| 15 | ExxonMobil | $7.11 |
| 36 | Morgan Stanley | $7.09 |
| 37 | Goldman Sachs Group | $6.98 |
| 27 | Citigroup | $6.96 |
| 26 | Chevron | $6.88 |
| 19 | Verizon Communications | $6.75 |
| 23 | Walmart | $6.74 |
| 32 | Comcast | $6.72 |
| 20 | AT&T | $6.56 |
| 46 | RBC | $5.18 |
| 38 | HSBC Holdings | $4.85 |
To find the total cost of a cyberattack we first considered the cost of the average cyberattack per country and the average cost per industry. Once we had these two costs, to make it more of a fair test, we added the combined total to each company’s % increase or decrease on their value compared to the average company value. This gave us the average total cost of a cyberattack on each company.
Data was taken from Forbes Global 2000 list, IBM’s Cost of a Data Breach report and where needed, company websites.
The importance of cyber defence
The IBM Cost of a Data Breach Report 2022 states that breaches at organisations with fully deployed security Artificial Intelligence (AI) and automation cost on average $3.05 million less than breaches at organisations with no security AI and automation deployed. In other words, fully deployed costs $3.15 million compared to $6.20 million for not deployed – a difference of 65.2% and the largest cost saving in the study at $3.05 million.
Businesses with fully deployed security also experienced a 74-day shorter time to identify and contain a breach than those without fully deployed security.
Similarly, almost three-quarters of organisations claimed to have an incident response (IR) team and 63% of those said they regularly tested their IR plan. Organisations with an IR team and tested IR plan experienced $2.66 million lower breach costs on average than organisations without these cyber defences – a 58% cost saving.
Rise in ransomware attacks
11% of breaches in the Forbes Global 2000 study were ransomware attacks, an increase from 7.8% in 2021. The average cost of a ransomware attack fell slightly from $4.62 million to $4.54 million yet is still higher than the overall average cost of $4.35 million.
Stolen or compromised credentials
The most common cause of a data breach remains stolen or compromised credentials, accounting for 19% with an average cost of $4.50 million. These breaches also had the longest impact, taking 243 days to identify the breach and another 84 days to contain it.
Phishing was the second most common breach at 16% and also the costliest with an average of $4.91 million.
Cyberattacks in numbers
83% – of organisations suffered more than one data breach
60% – of breaches led to customer price increases
79% – of critical infrastructure organisations had no ‘zero trust’ approach
59% – of all organisations that have no ‘zero trust’
45% – of breaches were cloud-based
19% – of breaches occurred because of a compromise at a business partner USD $4.35m – average total cost of a data breach
USD $4.82m – average cost of a critical infrastructure data breach
USD $4.54m – average cost of a ransomware attack
USD $1m – different in cost where remote work was a factor in a breach compared to when it was not
USD $5.05m – the UK’s average cost of a data breach
USD $3.05m – average cost saving with deployed security AI and automation
USD $2.66m – average cost saving with an IR team and tested plan
12 years – consecutive years the health and pharma industry had the highest average cost of a breach.
ramsac is an IT support company based in Godalming, Surrey. With specialisms in cybersecurity and Microsoft, ramsac have helped over 1000 local and national businesses with their IT over their 30 years in business. Founded by Rob May, a renowned cybersecurity expert, and Sally Cooper, in 1992, ramsac now works with a variety of well-known companies to help them with their IT. Their latest service, the Cyber Resilience Certification, helps companies to demonstrate their competence in cybersecurity to other suppliers and partners.
