IBM Security today announced the results of a Middle East study examining the full financial impact of a data breach on businesses located in the Kingdom of Saudi Arabia and the UAE. Overall, the study found that the average total cost of a data breach in KSA and UAE combined is $5.31 million, a 7.1% increase since 2017.
Sponsored by IBM Security and conducted by Ponemon Institute, the study was conducted in 13 countries and 2 regions: ASEAN (Association of Southeast Asian Nations), Australia, Brazil, Canada, France, Germany, India, Italy, Japan, South Africa, South Korea, the Middle East (KSA and UAE combined), Turkey, United Kingdom and United States. In KSA and UAE, the study found that breaches cost companies $163 per lost or stolen record on average. It also revealed that the root cause for 61% of breaches in KSA and UAE is malicious or criminal attacks, followed by system glitches at 21% and human error at 18%.
“We are living in an age of exponential change with more data, connected devices and computing power than ever before. While this offers businesses tremendous opportunities, it also creates more ways for potential data breaches within an organization,” said Dr. Tamer Aboualy, CTO of Security Services, IBM Middle East & Africa. “The 2018 report reveals that the major cause of a data breach is malicious or criminal attacks for organizations in KSA and UAE. The potential damage from cyberattacks extends beyond the obvious issue of businesses and consumers losing money. It can dramatically impact a company’s reputation, damaging the trust and loyalty of its customers, business partners, investors, and others.”
The study also examines factors which increase or decrease the cost of the breach, finding that costs are heavily impacted by the amount of time spent containing a data breach, as well as investments in technologies that speed response time.
In KSA and UAE, the average time to identify a data breach in the study was 260 days, and the average time to contain a data breach once identified was 91 days. Companies that contained a breach in less than 30 days saved over $1 million compared to those that took more than 30 days ($3.09 million vs. $4.25 million average total)
“The goal of our research is to demonstrate the value of good data protection practices, and the factors that make a tangible difference in what a company pays to resolve a data breach,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs.”
