Why this report matters

Complimentary Zero Trust Framing & Discovery Workshop

  • Understand your ability to implement an effective Zero Trust strategy
  • Map use cases to the Zero Trust implementation strategy
  • Gain clarity and prioritisation on Zero Trust projects and initiatives
  • Address the impact of the changing regulatory environment

Highlights

Key findings

2021 had the highest average cost in 17 years

Line drawing of graph with rising data

Data breach costs rose from USD 3.86 million to USD 4.24 million, the highest average total cost in the 17-year history of this report.

Remote work due to COVID-19 increased cost

Line drawing of location pointer

The average cost was USD 1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor.

Compromised credentials caused the most breaches

Line drawing of circle graph with two x marks

The most common initial attack vector, compromised credentials, was responsible for 20% of breaches at an average breach cost of USD 4.37 million.

Security AI had the biggest cost-mitigating effect

Line drawing of two overlapping circles with opposing arrows

Automation and security artificial intelligence (AI), when fully deployed, provided the biggest cost mitigation, up to USD 3.81 million less than organizations without it. 

A zero trust approach helped reduce cost

Line drawing of shield with person in center

The average cost of a breach was USD 1.76 million less at organizations with a mature zero trust approach, compared to organizations without zero trust.

Cloud migration impacted costs and containment

Line drawing of cloud and two connected servers

Organizations further along in their cloud modernization strategy contained the breach on average 77 days faster than those in the early stage of their modernization journey.

Take the next step

Footnotes

*Note that this report does not constitute advice, and any recommendations are for educational purposes only. The research does not use scientific samples, and other limitations need to be carefully considered before drawing conclusions from findings.