Every year, Forrester fields the Forrester Analytics Business Technographics® Security Survey, which provides insight into security decision-makers’ current state, challenges, and forward-looking priorities. We analyzed the 2022 data to assess data breaches across seven primary industries: manufacturing; retail and wholesale; business services and construction; utilities and telecommunications; financial services and insurance; public sector and healthcare; and other (including media, entertainment, and leisure).

Our research, included in the just-published 2022 Enterprise Breach Benchmarks, Global report, reveals that:

  • Breached organizations experience an average of four breaches annually. Global security decision-makers at organizations that were breached in 2022 reported an average of four breaches in that time period. The manufacturing, utilities, and telecommunications industries reported a more frequent number of breaches than other industries.
  • Attackers remain longest in financial services and insurance providers’ networks. While global security decision-makers reported that their organizations take an average of 62 days to eradicate attackers from their networks, financial services and insurance security decision-makers struggled to both eradicate and recover from breaches more than other industries.
  • Financial services breaches continue to incur significant costs. Global security decision-makers reported that their organization paid an average of $3 million in total as a result of all breaches experienced. Breach costs were highest in the financial services and insurance industry, which is not surprising, given that this industry remains a high-profile target for hackers.

Key Takeaway From The Data: Breach Benchmarks Provide Structure In A Post-Breach World

Moving to a post-breach mindset requires not only accepting that breaches are a reality but also confronting the data to understand your organization’s capabilities among peers. Benchmarking breach data can help you:

  • Defend your security budget. Putting an industry-specific price tag on a breach immediately clarifies the ramifications of breaches. You can use these metrics to build the necessary business support for additional budget.
  • Understand the state of play. While you shouldn’t treat breach benchmarks as hard and fast metrics for success, they can help teams ballpark realistic expectations. Understanding the state of play turns the strict and unrealistic mindset of no breaches into a more tangible and realistic goal.
  • Identify dramatic differences that signal gaps in visibility. Is the time that it takes your team to find and eradicate attackers dramatically lower than your industry peers? This could be a good sign — or it could indicate that your team lacks the needed visibility to identify attacks. These benchmarks can indicate whether you’re missing key elements.


In the full report, these benchmarks cover industry-level metrics on number of breaches, time to eradicate attackers, time to recover, and the average cost of breaches that an organization faces. Check out the full report here, or schedule an inquiry or guidance session for more in-depth advice.