The total cost of data breaches for organisations in the Middle East hit an all-time high in 2023, reaching $8 million (SAR29.9 million). This represents a 15 percent increase over the past three years and a significant 155.9 percent increase over the last decade, according to the Cost of a Data Breach Report by IBM Security. These numbers underscore the growing importance of advanced solutions to safeguard businesses and entities across the Middle East in our increasingly interconnected world.
Within the Middle East, four key activities contribute to the range of expenses linked to a data breach for organisations. The highest expense was lost business costs, totalling SAR 10.02 million, followed by post-breach responses at SAR 8.86 million, detection and escalation costs at SAR 8.36 million, and notifying relevant stakeholders at SAR 2.36 million.
In terms of sectors, the financial sector bore the brunt of data breach costs, reaching SAR 35.29 million. The energy industry ranked second, with costs hitting SAR 33.75 million, while the healthcare sector incurred SAR 32.46 million in data breach expenses.
In a world where digital transformation is reshaping the global economy, presenting both opportunities and unprecedented challenges, the IBM report sheds light on the scale and nature of security issues that Middle Eastern organisations must confront.
The impact of AI
AI and automation emerged as significant game-changers in the realm of breach identification and containment for the organisations studied. The 2023 report reveals that Middle Eastern organisations that extensively deployed security AI and automation experienced much shorter data breach lifecycles, averaging 259 days. In stark contrast, organisations that did not utilise these technologies faced data breach lifecycles of 393 days – a difference of 134 days.
Moreover, the report notes that organisations that extensively employed security AI and automation saw, on average, SAR 12.22 million lower data breach costs compared to those that didn’t embrace these technologies.
Saad Toma, General Manager of IBM Middle East and Africa, emphasised that with the Middle East’s rapid growth and development, there has been an increase in cyber-attacks. Early detection and fast response can significantly mitigate the damage caused by a data breach.
“Investments in advanced threat detection and response technologies, using AI and automation, are essential for organisations to stay ahead of cybercriminals.”
Growing challenges
Fahad Alanazi, General Manager of IBM Saudi Arabia, pointed out, “With each passing day, the global economic landscape grows more sophisticated, presenting new and unprecedented challenges for businesses to overcome… At IBM, we pride ourselves on pioneering world-class offerings that safeguard the people, entities, and communities we serve.”
Additional findings from the report reveal that phishing accounted for the majority of data breaches, constituting 16 percent of breaches in the region and costing businesses SAR 32.2 million. Unknown (zero-day) vulnerabilities accounted for 15 percent, while attacks through stolen or compromised credentials represented 13 percent of breaches in the Middle East.
Furthermore, over 37 percent of data breaches studied resulted in data loss across multiple environments, indicating that attackers could compromise multiple environments while avoiding detection. Such breaches also led to higher costs, averaging SAR 33.20 million.
To mitigate the cost of data breaches, the IBM report suggests that AI and machine learning-driven insights and attack surface management (ASM) tools are essential factors that can be deployed, reducing costs by SAR 1.13 million and SAR 1.08 million, respectively.
The 2023 Cost of Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 553 organisations globally, including 36 in Saudi Arabia and the UAE, between March 2022 and March 2023. The research, sponsored and analysed by IBM Security, was conducted by the Ponemon Institute and has been published for 18 consecutive years.
