Over $200 Million Lost to Cyberattacks in 2022 Alone, Study Shows

cyberattack
A receipt showing the estimated cost of cyberattacks to the top 25 companies in the Forbes 2000. Click the image to view in a new tab.

ramsac can now reveal which 25 of the world’s largest public companies listed in Forbes Global 2000 could suffer the biggest financial loss due to cyberattacks, based on 12 months’ financial data up to April 22, 2022. It may be surprising to learn the two companies that have the potential to incur the highest cyberattack costs are both tech giants.

Approximately 83% of the 550 organisations across 17 countries and 17 different industries studied in IBM’s latest Cost of Data Breach Report 2022 experienced more than one data breach, while 60% of breaches led to price increases for customers.

There was an enormous financial penalty to pay for organisations that experienced at least one cyberattack during the period from March 2021 to March 2022. The average cost of a data breach was an all-time high of $4.35 million which is a 2.6% increase on the previous year, and a 12.7% increase on 2020, amounting to major profit loss across all sectors.

The Most Expensive Cyberattacks by Sector

For the 12th consecutive year, the health and pharmaceutical sector incurred the highest cyberattack costs.

UnitedHealth Group (6th), Pfizer (8th) and CVS Health (9th) all racked up sizeable cyberattack costs of $10.01 million, $9.46 million and $9.1 million. UnitedHealth is ranked 22nd by Forbes, Pfizer 43rd and CVS 42nd.

The full data is below:

Forbes RankCompanyEstimated Cyberattack Cost (Million)
7Apple$12.86
12Microsoft$11.38
3Saudi Arabian Oil Company$10.87
1Berkshire Hathaway$10.31
11Alphabet$10.19
22UnitedHealth Group$10.01
6Amazon$9.91
43Pfizer$9.46
42CVS Health$9.11
4JPMorgan Chase$7.65
9Bank of America$7.47
34Meta Platforms$7.47
40Johnson & Johnson$7.43
18Wells Fargo$7.15
15ExxonMobil$7.11
36Morgan Stanley$7.09
37Goldman Sachs Group$6.98
27Citigroup$6.96
26Chevron$6.88
19Verizon Communications$6.75
23Walmart$6.74
32Comcast$6.72
20AT&T$6.56
46RBC$5.18
38HSBC Holdings$4.85

To find the total cost of a cyberattack we first considered the cost of the average cyberattack per country and the average cost per industry. Once we had these two costs, to make it more of a fair test, we added the combined total to each company’s % increase or decrease on their value compared to the average company value. This gave us the average total cost of a cyberattack on each company.

Data was taken from Forbes Global 2000 list, IBM’s Cost of a Data Breach report and where needed, company websites.

The Importance of Cyber Defence

The IBM Cost of a Data Breach Report 2022 states that breaches at organisations with fully deployed security Artificial Intelligence (AI) and automation cost on average $3.05 million less than breaches at organisations with no security AI and automation deployed. In other words, fully deployed costs $3.15 million compared to $6.20 million for not deployed – a difference of 65.2% and the largest cost saving in the study at $3.05 million.

Businesses with fully deployed security also experienced a 74-day shorter time to identify and contain a breach than those without fully deployed security.

Similarly, almost three-quarters of organisations claimed to have an incident response (IR) team and 63% of those said they regularly tested their IR plan. Organisations with an IR team and tested IR plan experienced $2.66 million lower breach costs on average than organisations without these cyber defences – a 58% cost saving.

Rise in Ransomware Attacks

11% of breaches in the Forbes Global 2000 study were ransomware attacks, an increase from 7.8% in 2021. The average cost of a ransomware attack fell slightly from $4.62 million to $4.54 million yet is still higher than the overall average cost of $4.35 million.

Stolen or Compromised Credentials

The most common cause of a data breach remains stolen or compromised credentials, accounting for 19% with an average cost of $4.50 million. These breaches also had the longest impact, taking 243 days to identify the breach and another 84 days to contain it.

Phishing was the second most common breach at 16% and also the costliest with an average of $4.91 million.

Cyberattacks in Numbers

83% – of organisations suffered more than one data breach

60% – of breaches led to customer price increases

79% – of critical infrastructure organizations had no ‘zero trust’ approach

59% – of all organizations that have no ‘zero trust’

45% – of breaches were cloud-based

19% – of breaches occurred because of a compromise at a business partner USD $4.35m – average total cost of a data breach

USD $4.82m – average cost of a critical infrastructure data breach

USD $4.54m – average cost of a ransomware attack

USD $1m – different in cost where remote work was a factor in a breach compared to when it was not

USD $5.05m – the UK’s average cost of a data breach

USD $3.05m – average cost saving with deployed security AI and automation

USD $2.66m – average cost saving with an IR team and tested plan

12 years – consecutive years the health and pharma industry had the highest average cost of a breach.

ramsac is an IT support company based in Godalming, Surrey. With specialisms in cybersecurity and Microsoft, ramsac have helped over 1000 local and national businesses with their IT over their 30 years in business. Founded by Rob May, a renowned cybersecurity expert, and Sally Cooper, in 1992, ramsac now works with a variety of well-known companies to help them with their IT. Their latest service, the Cyber Resilience Certification, helps companies to demonstrate their competence in cybersecurity to other suppliers and partners.

Related Posts

  • What is cyber insurance and do you really need it? 

    What is cyber insurance and do you really need it? 

    Cybersecurity

    Cyber insurance can mitigate a business against damages and financial loss caused by a cyberattack. But what does cyber insurance cover? Find out here. [...]

    Read article

  • The importance of supply chain cybersecurity and risk management 

    The importance of supply chain cybersecurity and risk management 

    Cybersecurity

    Supply chains are areas of increasing cybersecurity risk. What is the exact problem, and how can you address it? Discover this and more in our latest blog. [...]

    Read article

  • Measuring cyber resilience & your human firewall

    Measuring cyber resilience & your human firewall

    Cybersecurity

    Safeguarding your organisation against cyber threats has become increasingly vital, and assessing where you are currently in your cyber resilience journey is a fundamental step in understanding how best [...]

    Read article

  • Celebrating Cybersecurity Awareness Month

    Celebrating Cybersecurity Awareness Month

    Cybersecurity

    October is Cybersecurity awareness month, follow us on LinkedIn or Twitter for daily tips on how you can protect your organisation against Cybercrime. [...]

    Read article

  • How cybercrime costs the UK economy nearly £27B every year

    How cybercrime costs the UK economy nearly £27B every year

    Cybersecurity

    Cybercrime costs claims nearly £27 billion of the UK economy almost every year. Cybercrime has only become more common, affecting many industries. Read more. [...]

    Read article

  • What is Zero Trust security and where should you start?

    What is Zero Trust security and where should you start?

    Cybersecurity

    Zero Trust security removes assumptions about trusting a user, even when they're inside your network. This means users and devices must be verified. Read here. [...]

    Read article