Cost of data breaches in Saudi Arabia and UAE climbed 9.4% in 2019

Malicious attacks were the root cause for 59% of data breaches in the two countries, according to IBM Security study

The cost of a data breach in Saudi Arabia and the UAE – the Arab world’s two largest economies – has increased 9.4 per cent over the past year costing companies $6.53 million (Dh23.98m) per breach on average, according to the latest report from IBM Security.

The figure is higher than the global average of $3.86m per breach and is the second-highest average among the 17 regions studied, the report findings show. The US continued to experience the highest data breach costs in the world, at $8.64m on average.

“In Saudi Arabia and the UAE, breaches cost companies $188 per lost or stolen record on average, which represents an increase of 8.5 per cent from 2019. Healthcare was found to incur the highest per record cost of a data breach, followed by financial services and technology sector,” the report said.

Malicious attacks were the root cause for 59 per cent of data breaches in the two countries, followed by system glitches at 24 per cent and human error at 17 per cent, according to the report.

Conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report is based on in-depth interviews with more than 3,200 security professionals in organisations that suffered a data breach over the past year.

For the tenth year in a row, healthcare continued to incur the highest average breach costs at $7.13m — a 10.5 per cent increase over the 2019 study. Similarly, the energy sector saw a 14.1 per cent increase from 2019, to an average of $6.39m in the 2020 study.

The report also said the Middle East, Germany and Australia had the highest percentage of breaches caused by malicious attacks, while South Africa, Brazil and Canada had the lowest percentage of malicious attacks. Data breaches caused by system glitches are highest in Canada, while ASEAN countries and Italy had the highest percentage of data breaches caused by human error.

The healthcare industries had the highest average time to identify and contain a breach, at 329 days, while the financial industry had the lowest average time to identify and contain a breach, at 233 days.

“While the majority of malicious breaches were caused by financially motivated cyber-attackers, those caused by nation state actors were the costliest,” the report said.