Average cost of a data breach in the Middle East rises to $8.75 million, IBM study shows

The average cost of a data breach in the Middle East rose 8.4 per cent annually to $8.75 million in 2024, highlighting the need for businesses to increase their cybersecurity awareness and budgets, a new study from US technology company IBM has found. That keeps the region in second place – after the US – a position it has held for eight years since its first inclusion, in 2017, in the annual Cost of a Data Breach report. Representing the Middle East in this year's report, published this week, is a cluster sample of organisations in the UAE and Saudi Arabia, according to New York-based IBM . The US was top for the 14th consecutive year out of the 16 regions analysed in the study, with an average cost of $9.36 million. This was slightly down from the $9.48 million it posted last year. Canada, Japan and South Africa were the only other regions where costs went down in 2024. Benelux, comprising Belgium, the Netherlands and Luxembourg, was added in this year's report. Overall, the average cost of a data breach climbed nearly 10 per cent to $4.88 million in 2024, from $4.45 million in 2023, the highest increase since the pandemic, IBM said. This was driven by a rise in the cost of lost business, including operational downtime and lost customers, and the cost of post-breach responses, such as staffing customer service help desks and paying higher regulatory fines, it said. Lost business and post-breach activities accounted for $2.8 million, the highest combined amount over the past six years. “Despite [organisations'] efforts, breach costs are rising, mostly from expenses related to business disruption and post-breach responses,” IBM analysts wrote in the report. The rise in breach costs is forcing companies to pass them on to their customers, which “is an increasing trend” and “can be problematic in a competitive market already facing pricing pressures from inflation”, they said. Cyber security breaches are arguably the biggest IT headaches for enterprises, as any attack that compromises systems can lead to financial and reputational damage. And while cyber security measures have been evolving with the latest technologies, so too have cyber criminals, who are either maintaining pace or are steps ahead of companies as they continue to exploit any loopholes in IT systems. These criminals are also heavily targeting regions with strong economies and lucrative industries, as the returns on their activities are potentially high. Phishing and smishing – two types of spoofing attacks – are growing in the Middle East, according to New York-based insurance firm Marsh McLennan. Other popular weapons of choice for cyber criminals are malware, denial-of-service attacks and identity-based attacks, according to US cyber security company CrowdStrike . “Compromised credential attacks can also be costly for organisations, accounting for an average $4.81 million per breach,” IBM said. The study recommended using artificial intelligence and automation techniques for cyber security, as it found this has the potential to “dramatically” lower the average breach costs. According to IBM's estimates, enterprises that used these technologies saw an average cost of $3.76 million, which is nearly 46 per cent lower than the $5.98 million experienced by those who didn't. “AI and automation are transforming the world of cyber security. They make it easier than ever for bad actors to create and launch attacks at scale and provide defenders with new tools for rapidly identifying threats and automating responses to those threats,” the IBM analysts said. In addition, more than half the organisations breached said the number of its staff skilled to deal with cyber issues declined by 26.2 per cent. That resulted in fewer people monitoring their systems, which in turn corresponds to an average of $1.76 million in additional breach costs. “This lack of trained security staff is growing as the threat landscape widens,” IBM said. “The continuing race to adopt generative AI across nearly every function in the organisation is expected to bring with it unprecedented risks and put even more pressure on these cyber security teams.”

Average cost of a data breach in the Middle East rises to $8.75 million, IBM study shows

The global average cost jumped nearly 10 per cent to $4.88 million, the highest increase since the pandemic