Verify any claim · lenz.io
Claim analyzed
Finance“The average global cost of a cybersecurity data breach was estimated at $4.35 million in 2022.”
The conclusion
IBM's own 2022 press release explicitly states the global average cost of a data breach reached $4.35 million, directly confirming the claim. Multiple independent secondary sources corroborate this figure. The number derives from IBM/Ponemon's annual study sample rather than a census of every breach worldwide, but the claim's use of "estimated" accurately reflects this methodology. This is the standard, widely accepted figure for 2022 global average breach costs across the cybersecurity industry.
Based on 19 sources: 8 supporting, 0 refuting, 11 neutral.
Caveats
- The $4.35 million figure is based on IBM/Ponemon's study sample of organizations, not a comprehensive count of all global breaches.
- Most corroborating sources repeat IBM's data rather than independently estimating the cost, so the figure reflects a single methodology.
- Subsequent IBM reports show the global average has risen since 2022, so this figure should not be treated as current.
Get notified if new evidence updates this analysis
Create a free account to track this claim.
Sources
Sources used in the analysis
The global average cost of a data breach report series, with prior years including 2022 data confirming the average as $4.35 million globally, as referenced in subsequent reports and analyses.
IBM Security today released the annual Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations.
The Cybersecurity Insurance Market is projected to grow from USD 10.3 billion in 2023 to USD 17.6 billion by 2028, at a CAGR of 11.4%. The rise in cyber threats, such as data breaches, ransomware, and phishing attacks, has driven the demand for cybersecurity insurance as organizations seek financial protection against potential losses.
The global cybersecurity market size is projected to grow from USD 227.59 billion in 2025 to USD 351.92 billion by 2030 at a Compound Annual Growth Rate (CAGR) of 9.1%. This growth is driven by increasing data breach incidents and rising average breach costs across sectors.
The global average total cost of a data breach increased by USD 0.11 million to USD 4.35 million in 2022, the highest it's been in the history of this report. The increase from USD 4.24 million in the 2021 report to USD 4.35 million in the 2022 report represents a 2.6% increase.
One in four companies (27%) globally have suffered a data breach that cost them US$1- 20 million or more in the past three years, according to PwC's annual Global Digital Trust Insights Survey, which surveys more than 3,500 senior executives across 65 countries.
The cost of a data breach in 2022 was $4.35M — a 12.7% increase compared to 2020, when the cost was $3.86M. IBM found that the global average cost of a data breach in 2022 was the highest ever since the dawn of conducting these reports.
The estimated annual cost of cybercrime worldwide is increasing gradually. It will reach 15.63 trillion U.S. dollars by 2029. This includes both direct breach costs and broader cybercrime losses across all sectors.
Reaching an all-time high, the cost of a data breach averaged USD 4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was USD 4.24 million.
Global spending on cybersecurity products and services is projected to reach $1 trillion (USD) annually by 2031, according to the 2026 Cybersecurity Market Report from Cybersecurity Ventures in partnership with Evolution Equity Partners. This reflects the imperative to protect increasingly digitized businesses, governments, and critical infrastructure from escalating cybercrime threats.
The global cybersecurity market size is projected to grow from $248.28 billion in 2026 to $699.39 billion by 2034, at a CAGR of 13.8% during the forecast period. This growth reflects escalating breach costs and increased organizational investment in preventive security measures.
Data breach statistics show that the average cost of a data breach has reached $4.4 million globally (IBM). This references the trend from 2022's $4.35 million average in prior IBM reports, showing continued rise.
The average cost of a data breach rose again in 2024 to nearly $4.9 million globally, with detection, escalation, and post-incident recovery driving the bulk of expenses, according to IBM's 2024 Cost of a Data Breach Report.
In its most recent Cost of a Data Breach Report, IBM Security and Ponemon Institute found... the global average cost of a data breach reached $4.35 million—“an all-time high.”
In 2023, the average cost of a data breach has reached a record high of US$ 4.45 million, according to the 2023 cost of a data breach report by IBM and the Ponemon institute, an increase of 2% compared to 2022 (US$ 4.35 milion).
The global average data breach cost in the measured period was 4.88 million U.S. dollars. Between March 2022 and February 2024, data breaches averaged higher than the 2022 pinpoint of $4.35 million reported in IBM studies.
The Ponemon Institute 2022 report highlights that the average cost of an endpoint attack is $1.8 million annually, with 54% of respondents experiencing an average of 5 attacks on their organizations' endpoints.
The IBM/Ponemon Cost of a Data Breach Report 2022 is the primary source widely cited across financial and cybersecurity analyses for the global average of $4.35 million in 2022, with no major conflicting primary data from central banks or regulators.
According to a report by Cybercrime Magazine, the annual cost of cybercrime is projected to reach $10.5 trillion by 2025, with phishing attacks posing as one of the highest threats.
What do you think of the claim?
Your challenge will appear immediately.
Challenge submitted!
Expert review
How each expert evaluated the evidence and arguments
Expert 1 — The Logic Examiner
Source 2 (IBM's 2022 press release for the Cost of a Data Breach Report) directly states the global average breach cost “reaching an all-time high of $4.35 million,” and multiple secondary sources (e.g., 5, 7, 9, 15) explicitly tie that IBM-reported figure to “2022,” which makes the inference to the claim straightforward: the 2022 IBM estimate for global average breach cost was $4.35M. The opponent's objection mainly targets a wording/scope nuance (study-sample average vs calendar-year), but the claim itself says “was estimated” (not “for every breach worldwide in calendar 2022”), and IBM's annual report/press release is exactly an estimate derived from studied organizations, so the evidence logically supports the claim as commonly understood.
Expert 2 — The Context Analyst
The claim omits that IBM's “Cost of a Data Breach 2022” figure is a global average for breaches in IBM/Ponemon's studied sample over a defined measurement window (commonly the prior 12 months), not a comprehensive calendar-year, all-breaches worldwide statistic—IBM's own release frames it as an average “for studied organizations” (Source 2), and many other citations are derivative restatements of IBM (Sources 5,7,9,14,15). With that context restored, the statement is still broadly accurate in common industry usage (the 2022 IBM report's global average is $4.35M), but the “in 2022” phrasing can mislead readers into thinking it is a literal calendar-year global estimate for all breaches rather than a study-sample estimate, so the overall impression is somewhat overstated.
Expert 3 — The Source Auditor
The most authoritative source in this pool is Source 2 — IBM's own official press release from July 27, 2022 — which directly and unambiguously states that "the global average cost of a data breach reach[ed] an all-time high of $4.35 million," and this figure is corroborated by Source 1 (IBM's 2025 report referencing the 2022 baseline), Source 5 (Key4biz hosting the full 2022 report PDF, explicitly stating "$4.35 million in 2022"), Source 7 (Tenable, a credible cybersecurity firm), and Source 15 (UpGuard, referencing the 2022 figure as a prior-year baseline for the 2023 increase). The opponent's semantic argument — that IBM's figure applies to "studied organizations" rather than a calendar-year 2022 estimate — is not supported by any conflicting primary data and is contradicted by the plain language of IBM's own press release and the industry-wide consensus treatment of this figure as the 2022 global average; the claim is clearly and reliably true per the most authoritative sources available.
Expert summary
The arguments
Two AI advocates debated this claim using the research gathered.
Argument for
The claim is directly and unambiguously confirmed by IBM's own 2022 press release (Source 2), which states that "the global average cost of a data breach reach[ed] an all-time high of $4.35 million" — a finding corroborated by multiple independent sources including Source 5 (Key4biz), Source 7 (Tenable), Source 9 (Raz-Lee Security), and Source 14 (ProWriters), all of which cite the same $4.35 million figure from the IBM/Ponemon 2022 report. Further reinforcing this, Source 15 (UpGuard) and Source 1 (IBM's 2025 report) reference the 2022 figure as a baseline for subsequent year-over-year increases, establishing an unbroken chain of corroboration across highly authoritative and independent sources that leaves no credible room for doubt.
You're treating IBM's wording as if it were a calendar-year 2022 estimate, but Source 2 explicitly limits the $4.35M figure to “studied organizations” in the annual report—i.e., a study-sample average over IBM's measured period, not “in 2022” as the claim asserts. And your “chain of corroboration” is circular: Sources 5, 7, 9, 14, and 15 are all secondary write-ups that simply repeat IBM's number rather than independently validating that it was an estimate for the year 2022, so they don't fix the claim's time-framing problem (Sources 1–2).
Argument against
The motion is false as stated because none of the primary IBM materials in the brief explicitly frame $4.35M as an estimate “in 2022”; IBM's 2022 announcement describes $4.35M as the global average cost “for studied organizations” in its annual report (Source 2, IBM), which is a study-period average rather than a calendar-year 2022 estimate. Moreover, the brief's “Cost of a Data Breach Report 2025” entry only claims that later reports reference “prior years including 2022 data” (Source 1, IBM), which is indirect and does not substantiate the precise wording that the average global cost “was estimated at $4.35 million in 2022.”
Your argument commits a distinction without a difference: IBM's 2022 report (Source 2) was published in July 2022, studied breaches occurring in 2022, and reported $4.35 million as the global average — calling this anything other than a "2022 estimate" is a semantic sleight of hand that no reasonable analyst, regulator, or court would accept, especially given that Source 5 (Key4biz) explicitly states "the global average total cost of a data breach increased... to USD 4.35 million in 2022." Furthermore, your claim that the framing is "indirect" collapses entirely when Source 7 (Tenable), Source 9 (Raz-Lee Security), and Source 15 (UpGuard) all independently and directly attribute the $4.35 million figure to the year 2022 — meaning your objection is not a factual rebuttal but a failed attempt to redefine standard industry language.