Businesses and government organizations in the Gulf are getting better at tackling cyber hits. But these days, breaches tend to happen more frequently from malicious insiders, says IBM's cost of data breach report.

Dubai: The good news first – organizations in the Middle East are containing data breaches faster and more effectively than they used to. And here’s the bad bit: the costliest breaches – and they still happen – are costing regional entities up to $9.6 million.

The most unfortunate part is most of the cyber breaches happen from within the organization – i.e., by malicious-minded insiders, according to the latest 2022 Cost of a Data Breach Report from IBM Security, which was released today.

“Businesses need to put their security defenses on the offense and beat attackers to the punch,” said Charles Henderson, Global Head of IBM Security X-Force. “It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks.

“The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.”

These days, any mention of higher ‘cost of living’ will be enough for businesses and other entities to initiate and sustain action, whether it relates to operations or their tech needs. According to the IBM findings, the average cost of a data breach has shot up to $4.45 million for organizations surveyed in the report. Breach costs have risen 13 per cent in the last two years, as cyber hackers become even more innovative in figuring out weaknesses in defenses.

The higher costs of data breaches are also being passed on by businesses into their product and service tariffs. “In fact, 60 per cent of studied organizations globally raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues,” says the report.

IBM cost of breach report scans the world
IBM's 2022 'Cost of a Data Breach Report' is based on real-world data breaches experienced by 550 organizations, 31 of which are from the Middle East, between March '21 and March '22. The research, which was sponsored and analyzed by IBM Security, was conducted by the Ponemon Institute.

Targeting supply chains

Last year, ransomware and ‘destructive’ attacks made up 28 per cent of breaches within systemically vital global organizations. This way, the attackers are ‘seeking to fracture global supply chains that rely on these organizations’.

Yet, only 21 per cent of critical infrastructure organizations have a ‘zero trust’ security model. Even more worrying, 17 per cent of global breaches started with a business partner’s systems being compromised, ‘highlighting the security risks that over-trusting environments pose’.

“It’s essential that these carefully crafted national visions are safeguarded with the right security capabilities, including the adoption of ‘Zero Trust’ strategies. The more we resist the idea of Zero Trust, the more we’ll see higher impact breaches that aren’t identified and contained quickly.” - Wael Abdoush, General Manager for IBM Gulf, Levant, and Pakistan

A valid point, if hackers keep pressing into weaknesses through suppliers’ or business partners’ IT environments.

Solutions in a ‘cloud’?

What’s interesting about the IBM findings is that organizations with a solid hybrid cloud-based model suffer lower breach-related costs compared with those relying solely on a ‘public or private cloud model’.

Even then, there can be no letting the guard down, as 45 per cent of studied breaches occurred in the cloud. “However, a significant 43 per cent of reporting organizations stated they are just in the early stages or have not started implementing security practices to protect their cloud environments, observing higher breach costs,” the IBM report finds. “Businesses in the Middle East that haven’t started applying cloud security practices suffer from $8.3 million on the average total cost of a data breach.”

Middle East organizations need to watch out for:
• Lags in Zero Trust: Almost 80 per cent of critical infrastructure organizations studied don’t adopt zero trust strategies, seeing average breach costs rise to $5.4 million – a $1.17 million increase compared to those that do. And 28 per cent of breaches among these organizations were ransomware or destructive attacks.

• No guarantee from paying up: Ransomware victims in the IBM study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom payments, the financial toll may rise even higher, suggesting that simply paying the ransom may not be an effective strategy.

• Security immaturity in the cloud: Forty-three percent of studied organizations are in the early stages or have not started applying security practices across their cloud environments. For them, it translates into $660,000 on average in higher breach costs than those with mature security across their cloud environments.

• Security AI and automation: Organizations fully deploying security AI and automation incurred $3.05 million less on average in breach costs compared to studied organizations that have not deployed the technology – the biggest cost saver observed in the study.