The Cost of a Phishing-Related Data Breach Has Never Been Higher

September 02, 2022

No organization is ever ready to pay the cost of a data breach. But many unfortunate organizations end up in that position every year, and now it will cost them even more money to recover, especially if their data breach is phishing related. The IBM Cost of a Data Breach 2022 report revealed that the cost of a data breach has gone up and that the presence or absence of some elements changes that calculus. Many factors can impact the cost of a data breach, and a breach is much more expensive when its attack vector is phishing.




Data breach cost has reached a new record


The cost of a data breach in 2022 is a new record $4.35 million. That’s an increase of 2.6% from the 2021 data breach cost of $4.2 million per incident. The cost may have only grown a little between 2021 and 2022, but it has grown substantially over a two-year span: this year’s figure is 12.7% higher than 2020’s $3.86 million, illustrating the constantly rising danger of a data security incident to a company’s bottom line.

Source: IBM




Data breach costs vary by country 


Geography plays a role in the cost of a data breach. A host of factors that vary from region to region, such as the availability of skilled IT staffers, regulatory penalties, currency valuation or seasonal complications, drive the price up or down. To no one’s surprise, the U.S. is in the top spot for data breach cost for the 12th consecutive year, with an average data breach cost of $9.44 million. That’s a 4.3% increase over 2021. The Middle East region had the second-highest cost of a data breach, increasing from $6.93 million in 2021 to $7.46 million in 2022, a change of 7.6%. Rounding out the top three, Canada was again the country with the third-highest cost at $5.64 million, up 4.4% from 2021.

Unfortunately for U.K.-based companies, that region ascended four spots on the chart in 2022, jumping from eighth to fourth. The average total cost of a breach in the United Kingdom is $5.05 million, up 8.1% from 2021. The largest relative cost increase occurred in Brazil. While it’s 16th on the list at $1.38 million, that was an increase of 27.8% over 2021’s numbers. One bright spot is the fact that six of the 17 regions in the survey (Germany, Japan, France, South Korea, Scandinavia and Turkey) saw a decrease in the average total cost of a data breach. The largest cost decrease was enjoyed by Turkey in 17th place, where costs plummeted by 42%, dropping to $1.11 million this year.

The Top 5 Countries or Regions with the Highest Data Breach Cost  

  1. The United States = $9.44 million   
  2. The Middle East = $7.46 million   
  3. Canada = $5.64 million   
  4. The United Kingdom = $5.05 million   
  5. Germany = $4.85 million 

Source: IBM




Phishing & Related Attacks Add Expense 


The average data breach takes 277 days to identify and contain, but the presence or absence of certain technologies and the attack vector can make a huge difference in that cost. Vectors with longer mean times to identify and contain, such as phishing or business email compromise, spawn the most expensive data breaches. Stolen or compromised credentials are the initial attack vector with the longest mean time to identify and contain a breach, 327 days. That time is 16.6% greater than the overall mean time to identify and contain a data breach.  

If phishing or a phishing-related cyberattack is the vector for a data breach, it’s going to cost more than average. Breaches caused by business email compromise had the second highest mean time to identify and contain, at 308 days. Phishing can send the cost of a data breach soaring too. It is the costliest attack vector and it has the third highest mean time to identify and contain at 295 days. 

Source: IBM




AI slashes data breach cost 


Companies that have chosen to invest in automation and AI-powered tools save a substantial sum in the event that they have a data breach. How much? Fully deployed security automation and AI-enabled tools reduce breach costs by a whopping 65.2%. Researchers determined that a data breach in an organization that has fully deployed security AI and automation costs $3.05 million less than breaches at organizations without AI and automation deployed. The massive savings that businesses get from fully deployed automation and AI are the largest cost savings in the study, providing even more evidence that automation and AI are security game-changers.

Source: IBM




Make the Smart Choice: Automated, AI-Enabled, API Email Security


In a recent survey, less than half of organizations ranked their current email security solutions as effective. That’s a sure path to disaster. However, companies that choose Graphus can feel confident that they’re protected from major sources of trouble by AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats. They can also feel confident that they’re getting a great deal – Graphus is only about half of the cost of the competition.    

These benefits make switching to Graphus an easy choice.

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.     
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.    
  • Put 3 layers of protection between employees and dangerous email messages.    
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.       

If you’re already using BullPhish ID for security and compliance awareness training and phishing simulations, you’ll love our latest integration, Advanced Phishing Simulations (Drop-A-Phish). This feature leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users when running phishing simulations.

Not using BullPhish ID? You’re missing out on training with a winner that tops the chart as a phishing simulator.

