Dubai: The average organisational cost of data breaches in the Middle East has risen by 20 per cent, from $4.12 million (Dh15.13 million) in 2016 to $4.94 million in 2017, the highest worldwide.

According to ‘2017 Cost of Data Breach Study: Global Overview’ by IBM Security and Ponemon Institute, the average total cost of global data breaches decreased from $4 million to $3.62 million this year, while the average cost for each lost or stolen record also significantly decreased from $158 in 2016 to $141 in this year’s study.

In the Middle East, the average organisation risks nearly $5 million per data breach.

Savitha Bhaskar, COO at Condo Protego, said that organisations are facing an increasing risk of material data breaches — one in which at least 1,000 customer or citizen digital records are lost or stolen globally, whether from system glitches, human error or criminal activity.

Moreover, as organisations deploy cloud applications and connect more devices to networks, they are also increasing the risk for more breaches.

“Data breaches can be catastrophic for Middle East organisations,” Bhaskar said. “Middle East organisations need holistic data protection strategies and solutions to prevent, contain and remediate data breaches. Solutions from endpoint security to data back-up and recovery can reduce costs, ensure business continuity and enhance customer trust,” she said.

The report said that organisations in Australia, Germany, France and the United Kingdom were able to improve their ability to keep customers and, as a result, reduce the cost of data breaches.

Organisations in Australia, the UK and Germany also were able to limit the number of customer records lost or stolen and, as a result, had lower costs, whereas, countries in the Middle East and the US experienced a higher percentage of churn and, consequently, higher costs.

“While the Middle East is spending more on data breach responses, the more important factor is appointing a Chief Information Security Officer. This board-level role can ensure that data protection strategies are deployed across lines of business, are easy for employees to understand and follow, and that the solutions match business needs,” Bhaskar said.

Alastair Paterson, CEO and co-founder of Digital Shadows, said that the cybercriminal community is all about profit and that means they continue to utilise the same sorts of tactics if they continue to gain the results they are after — mainly money.

“Supply chain and third-party attacks have been a common feature in 2017 and will continue to be a fruitful attack method for cybercriminals in the next year. These tend to be highly focused operations with predetermined targets of interest, rather than cases of mass, indiscriminate targeting,” he said.

He said the bar for cyber-attacks keeps getting lower. The availability of leaked tools from the NSA and HackingTeam, coupled with ‘how to’ manuals, means that threat actors will have access to powerful tools that they can iterate from and leverage to aggressively accomplish their goals.