IBM Security has announced the results of a Middle East study examining the full financial impact of a data breach on businesses located in Saudi Arabia and the UAE.
Overall, the study found that the average total cost of a data breach in Saudi Arabia and UAE combined is $5.31 million, a 7.1 percent increase since 2017.
The study revealed that breaches cost companies in Saudi Arabia and UAE $163 per lost or stolen record on average. It also revealed that the root cause for 61% of breaches in the two GCC nations is malicious or criminal attacks, followed by system glitches at 21 percent and human error at 18 percent.
“We are living in an age of exponential change with more data, connected devices and computing power than ever before. While this offers businesses tremendous opportunities, it also creates more ways for potential data breaches within an organisation,” said Dr. Tamer Aboualy, CTO of Security Services, IBM Middle East & Africa.
“The 2018 report reveals that the major cause of a data breach is malicious or criminal attacks for organisations in KSA and UAE. The potential damage from cyberattacks extends beyond the obvious issue of businesses and consumers losing money. It can dramatically impact a company’s reputation, damaging the trust and loyalty of its customers, business partners, investors, and others.”
The study also examined factors which increase or decrease the cost of the breach, finding that costs are heavily impacted by the amount of time spent containing a data breach, as well as investments in technologies that speed response time.
In KSA and UAE, the average time to identify a data breach was 260 days, and the average time to contain a data breach once identified was 91 days, the study noted.
The IBM study also underlined that financial services, services and technology in Saudi Arabia and UAE have topped the list as the most expensive industries for data breaches, costing organisations $219, $201 and $188 per record, respectively.
One major factor impacting the cost of a data breach in Saudi Arabia and UAE was the reported cost of lost business, which was $2.2 million.
“The goal of our research is to demonstrate the value of good data protection practices, and the factors that make a tangible difference in what a company pays to resolve a data breach,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.
“While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs.”