The global figure represents the highest cost-per-data-breach incident in the 17-year history of IBM's annual "Cost of a Data Breach" report.
"Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic," Chris McCurdy, vice president and general manager of IBM Security, said in a Wednesday statement.
He added, however, that "while data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach – which may pay off in reducing the cost of these incidents further down the line."
A jarring series of cyberattacks in recent months on private and federal entities — including the 2020 SolarWinds hack, which put hundreds of agencies and companies at risk — and the Colonial Pipeline ransomware attack that led to a temporary gas shortage along the East Coast in May have shed new light on the monetary impacts of cyberattacks and the importance of cybersecurity.
The U.S. experienced the most expensive breaches at more than $9 million per incident, followed by the entire Middle East at $6.9 million and Canada at $5.4 million.
The cost of data breaches also saw a 10% increase compared to last year's report as companies adapted to an increasingly digital workforce due to the COVID-19 pandemic, according to the survey of 500 organizations.
Data breaches cost more than $1 million more on average when remote work was included as a factor in the cyberattack incidents reported, according to IBM.
The health care, retail, hospitality and consumer manufacturing/distribution industries saw the most significant increase in costs related to data breaches. Health care, specifically, recorded an average $9.23 million cost per incident, representing a $2 million increase year-over-year.
Stolen user credentials (such as usernames and passwords) were the most common cause behind data breaches, and customer data (such as names, emails and passwords) was the most common data to be exposed in breaches.
Cyberattack mitigation technology including artificial intelligence (AI), security analytics and encryption helped save companies between $1.25 million and $1.49 million compared to those that did not use those tools.
It also took companies longer on average to detect and contain breaches. Organizations, on average, took 212 days to detect breaches and 75 to contain them.