Cost of data breaches continues to rise: IBM Security
Malicious or criminal attacks are the most frequent causes of data breaches in the Middle East
The average cost of a data breach has risen to almost $5m, a new study by IBM Security says.
The study, conducted along with the Ponemon Institute, explores the implications and effects of data breaches on businesses located in Saudi Arabia and the United Arab Emirates (UAE).
It found that the average cost of a data breach in the two GCC countries is $4.94m, a 6.9% increase since 2016. According to the study, these data breaches cost companies $154.7 per lost or stolen record on average.
This year’s annual study was conducted in 11 countries and combined two regions including the Middle East (Saudi Arabia and the UAE combined). When compared to other markets, organisations in Saudi Arabia and the UAE saw the second highest average cost of a data breach at $4.94m, plus they have the highest direct per capita cost ($81) and are amongst the top markets that spend the most ($1.43m) on post data breach response.
The 2017 Cost of Data Breach report also revealed that malicious or criminal attacks are the most frequent causes of data breaches in Saudi Arabia and the UAE. Fifty-nine per cent of incidents involved data theft or criminal misuse. These types of incidents cost companies $171.7 per compromised record, compared to $130.7 and $128.5 per compromised record as a result of a breach caused by system glitch or employee negligence, respectively.
Top factors that contributed to the increase of cost of a data breach in Saudi Arabia and the UAE include compliance failures and the extensive use of mobile platforms. Companies reported that compliance failures and the extensive use of mobile platforms increased the cost of each compromised record by $10.4 and $12.8, respectively.
"Data protection continues to be a challenge as businesses hold more and more sensitive information, pushing cyber security higher up the agenda," said Saeed Agha, security business unit leader, IBM Gulf & Levant.
“According to the study, malicious or cyber-attacks are a major cause of data breach in Saudi Arabia and the UAE. Such attacks are financially damaging and present great threat to the reputation of organisations. It is important to start looking at security hygiene measures as an opportunity to avoid falling victim to the next big security threat rather than a nuisance.”
The study found that having an Incident Response (IR) Team in place significantly reduced the cost of a data breach, saving more than $19 per lost or stolen record globally. The speed at which a breach can be identified and contained is in large part due to the use of an IR team and having a formal Incident Response plan. IR teams can assist organisations to navigate the complicated aspects of containing a data breach to mitigate further losses.
According to the study, the quicker an organisation can contain data breach incidents has a direct impact on financial consequences. Globally, the cost of a data breach was nearly $1m lower on average for organisations that were able to contain a data breach in less than thirty days compared to those that took longer than 30 days.
With such significant cost savings in mind, the study revealed that there is room for improvement with organisations when it comes to the time to identify and respond to a breach. On average, organisations in Saudi Arabia and the UAE took 245 days to identify a breach, and 80 additional days to contain a breach once discovered.
• By industry, services, financial services and technology breaches most costly: In Saudi Arabia and the UAE, services, financial services and technology have topped the list as the most expensive industry for data breaches, costing organisations $221.3, $201.1 and $184.5 per record, respectively.
• In Saudi Arabia and the UAE, certified protection officer (CPO) appointment and the use of security analytics were the factors shown to have the most impact on reducing the cost of a data breach. The appointment of a CPO and the use of security analytics resulted in $2.4 and $8.3 reduction in cost per lost or stolen record, respectively.