IBM Security announced the results of a global study, based on in-depth analysis of over 500 real-world data breaches occurring over the past year across 17 countries, including the Middle East region, and among 17 different industries. According to the study, the Middle East region is the second highest average breach cost amongst the 17 regions studied.
The study on organizations surveyed in the Kingdom of Saudi Arabia (KSA) and the United Arab Emirates (UAE) suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic. The financial impact of these security incidents in the Middle East has risen by 6% over the past year and has reached the highest cost in the report’s 8-year history in the region. These data breaches cost companies studied in the region $6.93 million per breach on average, which is higher than the global average of $4.24 million per incident.
Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organizations moving further into cloud-based activities during the pandemic. The new findings released today suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.
The annual Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analyzed by IBM Security, identified the energy sector, financial services, and healthcare as the top three industries per record cost of a data breach in the Middle East region. The study also found that breaches cost companies surveyed in Saudi Arabia and the UAE $194 per lost or stolen record on average. While phishing attacks were the most common root cause of breaches that target organizations in the region, followed by stolen user credentials such name, email and password.
While certain IT shifts during the pandemic increased data breach costs, organizations surveyed in Saudi Arabia and the UAE who said they did not implement any digital transformation projects to modernize their business operations during the pandemic actually incurred higher data breach costs. The cost of a breach was 10% higher than average at organizations that had not undergone any digital transformation due to COVID-19.
Companies studied that adopted a zero trust security approach were better positioned to deal with data breaches. This approach operates on the assumption that user identities or the network itself may already be compromised, and instead relies on AI and analytics to continuously validate connections between users, data and resources. Organizations in KSA and UAE with a mature zero trust strategy had an average data breach cost of $5.6 million – which was $2.4 million lower than those who had not deployed this approach at all.
The 2021 Cost of a Data Breach Report from IBM Security and Ponemon Institute is based on in-depth analysis of real-world data breaches of 100,000 records or less, experienced by over 500 organizations worldwide between May 2020 and March 2021. The report takes into account hundreds of cost factors involved in data breach incidents, from legal, regulatory and technical activities to loss of brand equity, customers, and employee productivity.
“The rapid adoption of digitization in the Middle East has made the region an attractive target for a wide array of cyber threats, and this has also been intensified by the pandemic,” says Hossam Seif El Din, General Manager IBM in the Middle East and Pakistan. “As cybercriminals became increasingly sophisticated, IBM is uniquely prepared to support complex security challenges for governments and businesses of all sizes and across all industries in our region”.