Technology
Data Breach Costs Continue to Rise in the Middle East, Averaging SAR 32.80 Million in 2024
IBM (NYSE: IBM) has released its 2024 Cost of a Data Breach Report, revealing that the average cost of a data breach for businesses in the Middle East has surged to SAR 32.80 million this year, marking a nearly 10% increase from SAR 29.90 million in 2023. The report, which provides a comprehensive analysis of data breaches, identified security skills shortages, non-compliance with regulations, and the complexity of security systems as the primary factors driving up costs for businesses in the region.
Rising Costs Across Sectors: The energy sector reported the highest costs, with an average breach costing SAR 36.90 million, making it the most expensive sector for breaches. The financial industry followed closely with an average cost of SAR 35.81 million, and the industrial sector ranked third at SAR 34.52 million.
Key Cost Drivers:
- Lost Business: The most significant contributor to the cost increase was lost business, which includes operational downtime, customer loss, and damage to reputation. In 2024, these costs averaged SAR 12.84 million per breach, up from SAR 10.02 million in 2023.
- Post-Breach Response: Costs associated with responding to breaches also saw a rise, with post-breach customer response costs averaging SAR 9.01 million, up from SAR 8.86 million in 2023.
- Detection and Escalation: These costs increased slightly to SAR 8.42 million, from SAR 8.36 million the previous year.
- Notification Costs: Notification costs grew to SAR 2.53 million, up from SAR 2.36 million in 2023.
Security Challenges: The report highlighted several challenges contributing to the rising costs:
- Security Skills Shortage: A shortage of skilled security professionals added SAR 1.62 million to the average cost of a breach, emphasizing the urgent need for businesses to bridge this gap.
- Non-Compliance with Regulations: Failing to comply with regulations increased breach costs by SAR 1.25 million on average.
- Complex Security Systems: Complex security environments added an average of SAR 975,000 to breach costs.
Attack Vectors and Storage Breaches:
- Stolen or Compromised Credentials: This was the most common initial attack vector, responsible for 19% of breaches and costing an average of SAR 33.60 million per incident.
- Zero-Day Vulnerabilities and Phishing: These were also significant, with costs averaging SAR 32.31 million and SAR 34.75 million, respectively.
- Data Storage Environments: Breaches involving data stored across multiple environments had an average cost of SAR 34.23 million, while breaches in the public cloud cost an average of SAR 35.92 million.
Impact of AI and Automation: Organizations that extensively deployed security AI and automation reported significantly lower breach costs, averaging SAR 26.54 million compared to SAR 38.85 million for those without these technologies. Additionally, AI and automation reduced the time to identify and contain breaches, with AI-empowered organizations taking an average of 198 days to identify a breach and 57 days to contain it, compared to 294 days and 78 days, respectively, for those without AI.
Conclusion: Santhosh Koratt, MEA Cybersecurity Services Leader at IBM, emphasized the importance of adopting advanced cybersecurity measures to mitigate the escalating costs of data breaches. "The alarming and continued escalation of data breach costs in the Middle East highlights the urgent need for advanced cybersecurity measures. As technology evolves and becomes more complex, cyberthreats and data breaches also grow more sophisticated. Now more than ever, it is imperative to adopt AI-driven technologies, address security staff shortage concerns, and reinforce regulatory compliance."
The 2024 Cost of a Data Breach Report is based on an in-depth analysis of breaches experienced by 604 organizations globally, including 39 in Saudi Arabia and the UAE, between March 2023 and February 2024.