Dubai: New technological capabilities always come with fresh vulnerabilities. Organisations in the region are being challenged to keep up with attacks when there is a shortage of IT security skills and rising costs to secure their data.
The starting point for overcoming these cyber threats is data intelligence — knowledge about where threats are coming from, who is most susceptible to malicious attacks, and the cost of data breaches in today’s digital economy.
In a recent study conducted by Ponemon Institute and sponsored by IBM, the average total cost of a data breach last year in the Gulf increased dramatically by nearly 20 per cent, from an average of $108.5 to $122 per record.
A “breach” is defined as an event in which an individual’s name plus a registration, medical, or financial record is potentially put at risk. Some of these breaches are malicious or criminal attacks, while others are simply system glitches or human error.
“Why do these costs keep climbing so severely? The cyberattacks are increasing both in frequency and in the cost it requires to resolve these security incidents. Second, the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost. Third, more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management,” Dr Tamer Aboualy, security practice lead at IBM Middle East and Africa, told Gulf News.
Moreover, he said the average total organisational cost increased from $3.11 million in 2014 to $3.8 million in this year’s study. Interestingly, the global benchmark of 350 companies spanning 11 countries also found the average consolidated cost of a data breach to be $3.8 million — mirroring the average seen in the Gulf — marking a 23 per cent increase since 2013.
Services, financial, technology and energy sectors have a per capita data breach cost substantially above the overall mean. On the other hand, he said that the public sector, retail and transportation had a per capita cost well below the overall mean value.
“Overall we are seeing companies spending much more on forensic and investigative activities, audit services, crisis team management, and communications to executive management,” Aboualy said.
The average detection and escalation costs in the region increased from approximately $350,000 to $680,000 over the last year.
The reality is that the “growing sophistication” of cybercriminals ties directly to the historic costs we’re seeing for data breaches. Around 56 per cent of incidents in the region involved data theft or criminal misuse. That is almost 10 per cent higher than the global average, and is in part why the cost of data breaches is rising.
With these threats in mind, he said that there are definitely factors that decrease the cost of a data breach.
“Extensive use of encryption, incident response plans, business continuity management, and insurance protection are but a few of the factors shown to statistically decrease the per capita cost of a data breach,” he said.
Moreover, he said that there’s been a clear increase in the use of these measures in the region. For example, the use of encryption among companies surveyed was up six per cent year on year.
IBM also found a five per cent increase in the use of access management solutions, and a four per cent increase in the application of security intelligence systems.
Is this enough to overcome the onslaught of data threats facing companies today? That verdict is still out.
However, he said the use of more advanced security analytics, open sharing of threat intelligence data, and deeper collaboration across the IT security industry are all “encouraging signs” that the region is ready to even the playing field against attackers while helping mitigate the cost to commerce and society.
