Over $200 Million Lost to Cyberattacks in 2022 Alone, Study Shows

cyberattack
A receipt showing the estimated cost of cyberattacks to the top 25 companies in the Forbes 2000. Click the image to view in a new tab.

ramsac can now reveal which 25 of the world’s largest public companies listed in Forbes Global 2000 could suffer the biggest financial loss due to cyberattacks, based on 12 months’ financial data up to April 22, 2022. It may be surprising to learn the two companies that have the potential to incur the highest cyberattack costs are both tech giants.

Approximately 83% of the 550 organisations across 17 countries and 17 different industries studied in IBM’s latest Cost of Data Breach Report 2022 experienced more than one data breach, while 60% of breaches led to price increases for customers.

There was an enormous financial penalty to pay for organisations that experienced at least one cyberattack during the period from March 2021 to March 2022. The average cost of a data breach was an all-time high of $4.35 million which is a 2.6% increase on the previous year, and a 12.7% increase on 2020, amounting to major profit loss across all sectors.

The Most Expensive Cyberattacks by Sector

For the 12th consecutive year, the health and pharmaceutical sector incurred the highest cyberattack costs.

UnitedHealth Group (6th), Pfizer (8th) and CVS Health (9th) all racked up sizeable cyberattack costs of $10.01 million, $9.46 million and $9.1 million. UnitedHealth is ranked 22nd by Forbes, Pfizer 43rd and CVS 42nd.

The full data is below:

Forbes RankCompanyEstimated Cyberattack Cost (Million)
7Apple$12.86
12Microsoft$11.38
3Saudi Arabian Oil Company$10.87
1Berkshire Hathaway$10.31
11Alphabet$10.19
22UnitedHealth Group$10.01
6Amazon$9.91
43Pfizer$9.46
42CVS Health$9.11
4JPMorgan Chase$7.65
9Bank of America$7.47
34Meta Platforms$7.47
40Johnson & Johnson$7.43
18Wells Fargo$7.15
15ExxonMobil$7.11
36Morgan Stanley$7.09
37Goldman Sachs Group$6.98
27Citigroup$6.96
26Chevron$6.88
19Verizon Communications$6.75
23Walmart$6.74
32Comcast$6.72
20AT&T$6.56
46RBC$5.18
38HSBC Holdings$4.85

To find the total cost of a cyberattack we first considered the cost of the average cyberattack per country and the average cost per industry. Once we had these two costs, to make it more of a fair test, we added the combined total to each company’s % increase or decrease on their value compared to the average company value. This gave us the average total cost of a cyberattack on each company.

Data was taken from Forbes Global 2000 list, IBM’s Cost of a Data Breach report and where needed, company websites.

The Importance of Cyber Defence

The IBM Cost of a Data Breach Report 2022 states that breaches at organisations with fully deployed security Artificial Intelligence (AI) and automation cost on average $3.05 million less than breaches at organisations with no security AI and automation deployed. In other words, fully deployed costs $3.15 million compared to $6.20 million for not deployed – a difference of 65.2% and the largest cost saving in the study at $3.05 million.

Businesses with fully deployed security also experienced a 74-day shorter time to identify and contain a breach than those without fully deployed security.

Similarly, almost three-quarters of organisations claimed to have an incident response (IR) team and 63% of those said they regularly tested their IR plan. Organisations with an IR team and tested IR plan experienced $2.66 million lower breach costs on average than organisations without these cyber defences – a 58% cost saving.

Rise in Ransomware Attacks

11% of breaches in the Forbes Global 2000 study were ransomware attacks, an increase from 7.8% in 2021. The average cost of a ransomware attack fell slightly from $4.62 million to $4.54 million yet is still higher than the overall average cost of $4.35 million.

Stolen or Compromised Credentials

The most common cause of a data breach remains stolen or compromised credentials, accounting for 19% with an average cost of $4.50 million. These breaches also had the longest impact, taking 243 days to identify the breach and another 84 days to contain it.

Phishing was the second most common breach at 16% and also the costliest with an average of $4.91 million.

Cyberattacks in Numbers

83% – of organisations suffered more than one data breach

60% – of breaches led to customer price increases

79% – of critical infrastructure organizations had no ‘zero trust’ approach

59% – of all organizations that have no ‘zero trust’

45% – of breaches were cloud-based

19% – of breaches occurred because of a compromise at a business partner USD $4.35m – average total cost of a data breach

USD $4.82m – average cost of a critical infrastructure data breach

USD $4.54m – average cost of a ransomware attack

USD $1m – different in cost where remote work was a factor in a breach compared to when it was not

USD $5.05m – the UK’s average cost of a data breach

USD $3.05m – average cost saving with deployed security AI and automation

USD $2.66m – average cost saving with an IR team and tested plan

12 years – consecutive years the health and pharma industry had the highest average cost of a breach.

ramsac is an IT support company based in Godalming, Surrey. With specialisms in cybersecurity and Microsoft, ramsac have helped over 1000 local and national businesses with their IT over their 30 years in business. Founded by Rob May, a renowned cybersecurity expert, and Sally Cooper, in 1992, ramsac now works with a variety of well-known companies to help them with their IT. Their latest service, the Cyber Resilience Certification, helps companies to demonstrate their competence in cybersecurity to other suppliers and partners.

Related Posts

  • Understanding the dangers of ‘Permission Creep’

    Understanding the dangers of ‘Permission Creep’

    Cybersecurity

    This blog post explains what permission creep is, how it can expose sensitive data to unauthorised users, and what steps an organisation can take to prevent permission creep. [...]

    Read article

  • Using cybersecurity training to reduce an organisation’s risk of a cyberattack.

    Using cybersecurity training to reduce an organisation’s risk of a cyberattack.

    Cybersecurity

    Cybersecurity training is an important tool for organisations to prevent and mitigate cyberattacks, we explore the types of training available to organisations. [...]

    Read article

  • The risks of ChatGPT, and the Rise of AI.

    The risks of ChatGPT, and the Rise of AI.

    Cybersecurity

    Artificial intelligence (AI) is a game-changing technology in this blog we explore the risks and benefits of using AI-powered language models such as ChatGPT [...]

    Read article

  • How secure is MFA based on SMS and Voice calls?

    How secure is MFA based on SMS and Voice calls?

    Cybersecurity

    In this blog ramsac's cybersecurity expert Voke Augoye explores how secure Multi-factor authentication is when using SMS and voice calls. [...]

    Read article

  • Microsoft Office – High Severity Vulnerability

    Microsoft Office – High Severity Vulnerability

    Cybersecurity

    Earlier this month Microsoft announced there was a High Severity vulnerability affecting Microsoft Office products. In this blog we explain what the vulnerability is and how to protect against it. [...]

    Read article

  • EDR, MDR, XDR, SIEM, SOC – understanding the jargon in cybersecurity monitoring

    EDR, MDR, XDR, SIEM, SOC – understanding the jargon in cybersecurity monitoring

    Cybersecurity

    The cybersecurity product market is full of acronyms which can make it hard to determine what security monitoring services you need, and what benefits you get from them, this [...]

    Read article