As digitalisation continues to permeate the world we live in, our burgeoning cross-sector reliance on technology provides an ever-swelling opportunity for cybercriminals.

As cybersecurity evolves, these criminals have become equally sophisticated in their tactics. Consequently, the average cost of a data breach has continued to rise.

Every security incident in which one party gains unauthorised access to another party's information is a data breach. The report defines a breach more narrowly, as an event in which an individual's name together with a medical record, a financial record or a debit card number is potentially put at risk. Both external attackers and an organisation's own employees can be responsible for a data breach; while breaches do not have to be intentional, the majority of them are.


Ascertaining the potential cost of a data breach is challenging as every business has unique exposures, and the risk landscape is evolving at pace. IBM/Ponemon Institute’s Cost of a Data Breach Report 2022 indicates the growing importance of making informed decisions regarding your organisation’s cyber resilience. Here are our top six findings from the report:

  1. The cost of a breach is rising rapidly
    Both the average cost per record involved in a data breach and the average total cost of a breach reached a seven-year high in 2022. The global average total cost of a data breach rose by GBP 99,000 to GBP 3.93 million. The global average cost per record was GBP 148, a 1.9% increase on the GBP 145 recorded in 2021.
  2. UK data breaches are costlier than in the EU
    The average total cost of a data breach in the UK rose 8.1% to GBP 4.56 million, which puts the UK in fourth place globally, ahead of France, Japan and Germany. Only the US, the Middle East and Canada recorded higher average costs.
  3. The recurrence of breaches is climbing
    Of the 550 organisations studied, 83% said it was not their first data breach. Repeat breaches often trace back to the same root cause: a vulnerability that was never patched, or an initial compromise that was cleaned up without the attacker's access being fully removed. Human error is also a major exposure, and employees without adequate cybersecurity training are easy phishing or malware targets.
  4. Breaches as a result of phishing and business email compromise are the most costly
    The initial attack vector (the method by which attackers first gained access) affects the cost of a breach. On average, the costliest initial attack vector in 2022 was phishing at GBP 4.43 million, followed by business email compromise at GBP 4.41 million. The most common initial vector was stolen or compromised credentials (19% of breaches, GBP 4.06 million per breach), with phishing at 16% and business email compromise at 6%. Taken together, these three vectors account for over 40% of breaches, and all of them start with a person rather than a software flaw. Staff training matters, but so do controls that limit what a stolen password can achieve, such as multi-factor authentication on email and remote access.
  5. Ransomware breaches take longer to contain and are more costly
    The average cost of a ransomware breach was GBP 4.10 million (excluding any ransom paid). Ransomware breaches took an average of 237 days to identify and a further 89 days to contain, well over the global average for all breaches. Organisations that did not pay the ransom incurred a higher average cost of GBP 4.62 million, although paying offers no guarantee that data will be recovered or that stolen copies will be deleted.
  6. Nearly one-fifth of breaches were a result of a supply chain compromise
    Nineteen percent of breaches globally originated with the compromise of a supply chain partner, and the average total cost of such a breach was GBP 4.03 million. A supply chain breach took, on average, 26 days longer to identify and contain than the global average for all breaches.

Understanding your cyber vulnerabilities

Cybersecurity is not an 'add-on' and must be embedded in your processes and culture. Targeted investment requires a careful assessment of your organisation's current and future needs and capabilities. The majority of breaches are caused by failures of people and processes rather than of technology alone, so when it comes to investment, training and awareness are as important as the latest technical controls.


After identifying and closing the gaps between your risks and your capabilities, you should also ensure that your spend sustains those capabilities as the threat landscape evolves. Otherwise, you may find that you are simply creating new gaps and leaving your company exposed.

Gallagher offers risk management strategies for every size of business and every budget, from multi-national corporations to SMEs. We recognise that every organisation is unique, and we will work with you to determine the most appropriate services for your cyber risk.


The data in this article has been sourced from the IBM/Ponemon Institute’s Cost of a Data Breach Report 2022.


The opinions and views expressed in this article are those of the author only and are for guidance purposes only. The author disclaims any liability for reliance upon those opinions and encourages readers to consult more than one source before making a decision based on the information.