Information Risk Insights Study 2022

Download report Get member exclusives

A Decade of Cyber Risk Data

Supported by CISA, the 2022 edition of the Information Risk Insights Study expands the IRIS research series with one of the most comprehensive datasets available. Examining $57 billion in reported losses and 72 billion compromised records, the study identifies the patterns, threat techniques, and organizational factors that shape today’s cyber risk landscape.

Key Findings

Cybersecurity incidents are growing in frequency, with a 44% increase in the average number of events publicly reported each month over the last decade.

The Healthcare and Finance sectors have the most incidents, with 76X more events than the least-breached industries of Mining and Agriculture.

Large organizations with over $100B in annual revenue are 32X more likely to have multiple security incidents in a single year than smaller firms.

The typical financial cost reported for a cyber event is $266K, but the top 5% of loss events balloon to $52M.

Valid Accounts, Phishing, and Exploit Public-Facing Applications are the three most common MITRE ATT&CK initial access techniques observed across all incidents.

Download full report

IRIS 2022 draws from more than 77,000 cyber events affecting 35,000 organizations over the past decade. By combining extensive breach data with enhanced analytical methods, the study offers a clearer understanding of how frequently cyber incidents occur and the financial impact they create across industries and organizations of different sizes.

The research reveals rising incident volumes and highlights the sectors most affected, including healthcare, finance, hospitality, and information services. It also shows that while large organizations experience more incidents overall, smaller organizations often face a greater relative impact when attacks occur. These insights help organizations move beyond fear and speculation toward more informed, data-driven cyber risk management.

Get exclusive content, sector-specific updates, and expert commentary

Sign up now

Testimonials

  • “I can never say enough good things about Cyentia Institute research. Everyone should be diving into this and signing up for Cyentia membership!”
    Daniel Stone, Technology Risk Strategy Advisor

Sign-Up for the Cyentia
Cyber Risk Chronicles Newsletter

Be the first to explore exclusive reports, industry trends, and data-driven strategies designed to empower decision-making.

Options

Request an IRIS-Style Analysis Tailored to Your Organization

Share the questions or risk areas you’d like explored, and we’ll follow up with data-driven insights and benchmarks designed to inform better decisions.

Request a Demo