IBM Security has announced the results of a Middle East study exploring the implications and effects of data breaches on businesses located in Saudi Arabia and the UAE.
Sponsored by IBM Security and conducted by Ponemon Institute, the study found that the average cost of a data breach in Saudi Arabia and the UAE combined is $4.94 million, a 6.9 percent increase since 2016. According to the study, these data breaches cost companies $154.7 per lost or stolen record on average.
This year’s annual study was conducted in 11 countries and combined two regions: The United States, Germany, Canada, France, the United Kingdom, Italy, Japan, Australia, the Middle East (Saudi Arabia and the UAE combined), Brazil, India, South Africa and ASEAN (Association of Southeast Asian Nations). When compared to other markets, organisations in Saudi Arabia and the UAE saw the second highest average cost of a data breach at $4.94 million, have the highest direct per capita cost ($81) and are amongst the top markets that spend the most ($1.43 million) on post data breach response.
The 2017 Cost of Data Breach report also revealed that malicious or criminal attacks are the most frequent cause of data breach in Saudi Arabia and the UAE. Fifty-nine percent of incidents involved data theft or criminal misuse. These types of incidents cost companies $171.7 per compromised record, compared to $130.7 and $128.5 per compromised record as a result of a breach caused by system glitch or employee negligence, respectively.
Top factors that contributed to the increase of cost of a data breach in Saudi Arabia and the UAE include compliance failures and the extensive use of mobile platforms. Companies reported that compliance failures and the extensive use of mobile platforms increased the cost of each compromised record by $10.4 and $12.8, respectively.
“Data protection continues to be a challenge as businesses hold more and more sensitive information, pushing cyber security higher up the agenda,” Saeed Agha, Security Business Unit Leader, IBM Gulf and Levant. “According to the study, malicious or cyber-attacks are a major cause of data breach in Saudi Arabia and the UAE. Such attacks are financially damaging and present great threat to the reputation of organisations. It is important to start looking at security hygiene measures as an opportunity to avoid falling victim to the next big security threat rather than a nuisance.”
The study also found that having an Incident Response (IR) Team in place significantly reduced the cost of a data breach, saving more than $19 per lost or stolen record globally. The speed at which a breach can be identified and contained is in large part due to the use of an IR team and having a formal Incident Response plan.
IR teams can assist organisations to navigate the complicated aspects of containing a data breach to mitigate further losses.
It noted that quick response to data breach incidents has a direct impact on financial consequences. Globally, the cost of a data breach was nearly $1 million lower on average for organisations that were able to contain a data breach in less than thirty days compared to those that took longer than 30 days.