View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 27, 2022updated 17 Aug 2022 9:11am

Critical infrastructure providers pay $1m extra for data breaches

Utility companies pay a high price for data breaches, a new report says. Zero trust security environments can help.

By Claudia Glover

Data breaches of critical national infrastructure (CNI) cost on average $1m more than those hitting other organisations, a new report says. Deploying a zero trust environment is one way to mitigate these heavy losses, according to the 2022 Cost of a Data Breach research from IBM and the Ponemon Institute.

Released today, the report shows that the overall average cost of a data breach globally in 2022 was $4.35m, up 2.6% year-on-year. For CNI organisations, this rises to $4.82m, 22.9% more expensive than the average cost for other businesses polled by researchers ($3.83m).

The research draws on a global survey of 550 organisations that had suffered a data breach.

Cost of a Data Breach 2022: critical infrastructure attacks are costly

Critical national infrastructure like power plants and other utilities are increasingly popular targets for hackers because of the destruction that can be caused. In April, the Five Eyes security alliance, which includes the UK and the US, issued a warning that CNI could become a target for Russian hackers, while a hacking gang also recently claimed responsibility for a fire at an Israeli power plant, though experts believe these claims are dubious.

The increased cost comes despite the fact that CNI organisations usually detect breaches of their systems quicker than the average, the report says. It shows the mean time to identify in critical infrastructure industries was 204 days, compared to 211 days for other industries. CNI also fix problems slightly quicker, with the average to remediate a breach being 69 days, compared to 71 days for other industries.

This proficiency in detecting a breach may be due to the heavy consequences of shutting down the systems. “If a utility company gets compromised, they have the potential to shut down all businesses connected to electrical distribution, which then could cause millions of dollars of loss per second,” says Paul Smith, field CTO of OT security company SCADAfence.

CNI organisations that implemented a zero trust approach to security were able to reduce the cost of a data breach, the report notes. Those with a zero trust set-up incurred average costs of $4.23m per breach, compared to $5.4m for those that selected a different security set-up.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

But despite this, zero trust remains an uncommon strategy among CNI organisations, with only 21% deploying zero trust security environments, less than half the global average.

Read more: Personal data breaches are falling, except in Russia

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.