Data breaches are costlier than ever before with the global average reaching an all-time high of $4.35 million, according to the latest report by IBM Security.
According to the annual global Cost of a Data Breach Report, cyber incidents costs have increased nearly 13 percent over the last two years, suggesting that they may also be contributing to rising costs of goods and services.
The report further revealed that 60 percent of studied organisations globally raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.
Cyber-attacks are also not one-offs, the IBM report noted that 83 percent of studied organisations globally have experienced more than one data breach in their lifetime. It also highlighted the lingering after-effects of such incidents as nearly 50 percent of costs are incurred more than a year after the breach.
In the Middle East, the costliest breaches are often made by a malicious insider and can reach close to $9.6 million.
This initial attack vector surpasses physical security compromises, stolen credentials, phishing attacks and cloud misconfigurations. The report did however highlight an improvement year-on-year where organisations in the Middle East are identifying and containing data breaches quicker and more effectively.
MENA end-user spending on cybersecurity to increase by 11.2% in 2022
“As organisations in the Middle East make great strides in digitisation across every major sector, it’s essential that these carefully crafted national visions are safeguarded with the right security capabilities, including the adoption of Zero Trust strategies. The more we resist the idea of Zero Trust, the more we’ll see higher impact breaches that aren’t identified and contained quickly,” said Wael Abdoush, General Manager for IBM Gulf, Levant, and Pakistan.
It never pays to pay the ransom
Ransomware victims in the study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.
Critical infrastructure remains a popular target
The IBM report also revealed increasing concerns over critical infrastructure being targeted. It noted that ransomware and destructive attacks represented 28 percent of global breaches amongst critical infrastructure organisations studied. This includes financial services, industrial, transportation and healthcare companies amongst others.
According to the report, critical infrastructure lags in zero trust implementations with almost 80 percent of organisations studied lacking zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do.
Despite the call for caution, globally only 21 percent of critical infrastructure organisations studied adopt a zero trust security model, according to the report. Additionally, 17 percent of global breaches at critical infrastructure organisations resulted from a business partner being initially compromised.
Hybrid cloud offers a security advantage
The IBM study found that 43 percent of studied organisations are in the early stages or have not started applying security practices across their cloud environments, observing over $660,000 on average in higher breach costs than studied organisations with mature security across their cloud environments.
The global report also showcased hybrid cloud environments as the most prevalent (45 percent) infrastructure amongst organisations studied. averaging $3.8 million in breach costs.
IBM also found that businesses that adopted a hybrid cloud model globally observed lower breach costs at $3.8 million when compared to organisations with a solely public or private cloud model, which experienced $5.02 million and $4.24 million on average, respectively.
The report highlights that 45 percent of studied breaches around the world occurred in the cloud, emphasising the importance of cloud security.
Furthermore, the report pointed out that businesses studied in the Middle East, that haven’t start applying cloud security practices suffer from $8.3 million on the average total cost of a data breach.
Finally, IBM report also highlighted that security AI and automation can help organisations save millions of dollars from a potential breach. It noted that participating organisations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organisations that have not deployed the technology, which is the biggest cost saver observed in the study.
