
Critical infrastructure providers pay $1m extra for data breaches

Utility companies pay a high price for data breaches, a new report says. Zero trust security environments can help.

By Claudia Glover

Data breaches of critical national infrastructure (CNI) cost on average $1m more than those hitting other organisations, a new report says. Deploying a zero trust environment is one way to mitigate these heavy losses, according to the 2022 Cost of a Data Breach research from IBM and the Ponemon Institute.

Released today, the report shows that the overall average cost of a data breach globally in 2022 was $4.35m, up 2.6% year-on-year. For CNI organisations, this rises to $4.82m, 22.9% more expensive than the average cost for other businesses polled by researchers ($3.83m).

The research draws on a global survey of 550 organisations that had suffered a data breach.

Cost of a Data Breach 2022: critical infrastructure attacks are costly

Critical national infrastructure, such as power plants and other utilities, is an increasingly popular target for hackers because of the destruction that can be caused. In April, the Five Eyes security alliance, which includes the UK and the US, issued a warning that CNI could become a target for Russian hackers, while a hacking gang also recently claimed responsibility for a fire at an Israeli power plant, though experts believe these claims are dubious.

The increased cost comes despite the fact that CNI organisations usually detect breaches of their systems more quickly than the average, the report says. It shows the mean time to identify a breach in critical infrastructure industries was 204 days, compared to 211 days for other industries. CNI organisations also fix problems slightly more quickly, with the average time to remediate a breach being 69 days, compared to 71 days for other industries.

This proficiency in detecting a breach may be due to the heavy consequences of shutting down the systems. “If a utility company gets compromised, they have the potential to shut down all businesses connected to electrical distribution, which then could cause millions of dollars of loss per second,” says Paul Smith, field CTO of OT security company SCADAfence.

CNI organisations that implemented a zero trust approach to security were able to reduce the cost of a data breach, the report notes. Those with a zero trust set-up incurred average costs of $4.23m per breach, compared to $5.4m for those that selected a different security set-up.

But despite this, zero trust remains an uncommon strategy among CNI organisations, with only 21% deploying zero trust security environments, less than half the global average.
