IBM Security has revealed the results of a global study, based on a survey of over 500 real-world data breaches occurring over the past year across 17 countries and 17 different industries.
According to the study, the Middle East region is the second highest average breach cost amongst the 17 regions studied.
The report on organisations surveyed in the Kingdom of Saudi Arabia (KSA) and the United Arab Emirates (UAE) suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic.
“The rapid adoption of digitisation in the Middle East has made the region an attractive target for a wide array of cyber threats, and this has also been intensified by the pandemic,” said Hossam Seif El Din, general manager IBM in the Middle East and Pakistan.
“As cybercriminals became increasingly sophisticated, IBM is uniquely prepared to support complex security challenges for governments and businesses of all sizes and across all industries in our region”.
The financial impact of these security incidents in the Middle East has risen by 6% over the past year and has reached the highest cost in the report’s 8-year history in the region.
These data breaches cost companies studied in the region $6.93 million per breach on average, which is higher than the global average of $4.24 million per incident.
Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic.
The findings suggest that security may have lagged behind these rapid IT changes, hindering organisations’ ability to respond to data breaches.
The annual Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analysed by IBM Security, identified the energy sector, financial services, and healthcare as the top three industries per record cost of a data breach in the Middle East region.
The study also found that breaches cost companies surveyed in Saudi Arabia and the UAE $194 per lost or stolen record on average. While phishing attacks were the most common root cause of breaches that target organisations in the region, followed by stolen user credentials such name, email and password.
While certain IT shifts during the pandemic increased data breach costs, organisations surveyed in Saudi Arabia and the UAE who said they did not implement any digital transformation projects to modernise their business operations during the pandemic actually incurred higher data breach costs.
The cost of a breach was 10% higher than average at organisations that had not undergone any digital transformation due to COVID-19.
Companies studied that adopted a zero trust security approach were better positioned to deal with data breaches.
Organisations in KSA and UAE with a mature zero trust strategy had an average data breach cost of $5.6 million – which was $2.4 million lower than those who had not deployed this approach at all.