IBM Reveals Drop in Data Breach Costs for Middle East
IBM has released its 2025 Cost of a Data Breach Report, revealing a notable decrease in average breach costs for businesses in the Middle East. According to the report, the average cost fell to SAR 27.00 million, down 18% from SAR 32.80 million the year before.
The report highlighted that AI/ML-driven insights, encryption, and a DevSecOps approach were the top three factors that helped reduce costs for organizations in the region.
Despite the drop, lost business remained the largest cost category, averaging SAR 11.63 million. Post-breach response costs followed at SAR 7.50 million, with detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million.
IBM reported that the financial sector experienced the highest breach costs at SAR 34.00 million. The energy and industrial sectors followed closely with SAR 32.00 million.
Saad Toma, General Manager of IBM Middle East and Africa, noted the region's proactive use of AI. He stated that AI-driven tools are enhancing detection and response, but emphasized the need for continued investment in security talent and governance.
The report also revealed: 41% of Middle East organizations use access controls to protect AI systems, compared to only 3% globally.
38% have formal AI governance policies, with another 24% developing them.
Complex security systems, IoT/OT environments, and staff shortages significantly raise breach costs.
Top initial attack vectors in 2025 included: Third-party vendor and supply chain compromise (17%, SAR 29.60 million)
Denial of service attacks (14%, SAR 27.20 million)
Phishing (14%, SAR 28.00 million)
Malicious insider threats (11%, SAR 33.00 million)
IBM conducted the report in partnership with the Ponemon Institute, analyzing over 600 global breaches, including those in Saudi Arabia and the UAE, from March 2024 through February 2025. The report draws on two decades of research, covering nearly 6,500 breaches.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Web Release
3 days ago
- Web Release
IBM Report: Data Breach Costs Drop 18% in the Middle East, Reaching SAR 27 Million in 2025
IBM (NYSE:IBM) released its 2025 Cost of a Data Breach Report, revealing that the average cost of a data breach for businesses in the Middle East reached SAR 27.00 million. This represents a decrease of approximately 18% from SAR 32.80 million the year prior. According to the report, the top three factors that reduced breach costs for local businesses were AI/ML-driven insights, encryption and a DevSecOps approach. In the Middle East, lost business remained the largest cost category in 2025, averaging SAR 11.63 million per breach. This was followed by post-breach response costs at SAR 7.50 million, detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million. While overall breach costs have declined this year, these figures underscore the continued financial strain organizations face across the entire breach lifecycle — from discovery to containment. Certain sectors continued to face significantly high breach costs in 2025. This year, the financial sector recorded the highest total breach cost reaching SAR 34.00 million, followed closely by energy and industrial at SAR 32.00 million. 'It is encouraging to see a meaningful decline in the cost of data breaches in the Middle East this year. It is no coincidence that a region with some of the world's boldest AI ambitions is also seeing less costly breaches. As organizations accelerate the adoption of AI-driven tools for security, they are improving their ability to detect and contain threats before they escalate. But as attackers grow more sophisticated, continued investment in AI-driven security tools, security talent, and AI governance tools will be essential to sustaining this momentum,' said Saad Toma, General Manager of IBM Middle East and Africa. Other key findings in the 2025 IBM report for the Middle East include: Mitigating risks of AI model attacks – To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region's more proactive approach to securing and governing AI. – To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region's more proactive approach to securing and governing AI. AI governance adoption – 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%). – 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%). Factors that increase costs – Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average. – Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average. Top initial attack vectors – The most common initial causes of data breaches in 2025 were third-party vendor and supply chain compromise, which account for 17% of incidents and carried an average cost of 29.60 million. Denial of service attacks and phishing each made up 14% of breaches, with average costs of SAR 27.20 million and SAR 28.00 million respectively. Malicious insider threats, while slightly less frequent at 11%, resulted in the highest average cost at SAR 33.00 million. The 2025 Cost of a Data Breach Report analyzed real-world data breaches from over 600 organizations worldwide from March 2024 through February 2025, including organizations from Saudi Arabia and the United Arab Emirates. Conducted by Ponemon Institute and sponsored and analyzed by IBM, the Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years. Additional Sources
TECHx
3 days ago
- TECHx
IBM Reveals Drop in Data Breach Costs for Middle East
Home » Top stories » IBM Reveals Drop in Data Breach Costs for Middle East IBM has released its 2025 Cost of a Data Breach Report, revealing a notable decrease in average breach costs for businesses in the Middle East. According to the report, the average cost fell to SAR 27.00 million, down 18% from SAR 32.80 million the year before. The report highlighted that AI/ML-driven insights, encryption, and a DevSecOps approach were the top three factors that helped reduce costs for organizations in the region. Despite the drop, lost business remained the largest cost category, averaging SAR 11.63 million. Post-breach response costs followed at SAR 7.50 million, with detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million. IBM reported that the financial sector experienced the highest breach costs at SAR 34.00 million. The energy and industrial sectors followed closely with SAR 32.00 million. Saad Toma, General Manager of IBM Middle East and Africa, noted the region's proactive use of AI. He stated that AI-driven tools are enhancing detection and response, but emphasized the need for continued investment in security talent and governance. The report also revealed: 41% of Middle East organizations use access controls to protect AI systems, compared to only 3% globally. 38% have formal AI governance policies, with another 24% developing them. Complex security systems, IoT/OT environments, and staff shortages significantly raise breach costs. Top initial attack vectors in 2025 included: Third-party vendor and supply chain compromise (17%, SAR 29.60 million) Denial of service attacks (14%, SAR 27.20 million) Phishing (14%, SAR 28.00 million) Malicious insider threats (11%, SAR 33.00 million) IBM conducted the report in partnership with the Ponemon Institute, analyzing over 600 global breaches, including those in Saudi Arabia and the UAE, from March 2024 through February 2025. The report draws on two decades of research, covering nearly 6,500 breaches.
Gulf Business
3 days ago
- Gulf Business
Data breach costs in Middle East drop 18% as AI adoption grows
Image: Getty Images IBM has released its 2025 edition of the Lost business remained the most significant contributor to breach costs in the region, averaging $3.14m (SAR11.63m) per incident. This was followed by post-breach response costs at $2.03m (SAR7.50m), detection and escalation at $1.77m (SAR6.55m), and notification costs at $356,400 (SAR 1.32 million). The financial sector recorded the highest breach costs in 2025, reaching $9.18m (SAR34m), followed closely by the energy and industrial sectors at $8.64m (SAR 32m). These figures highlight the continued financial exposure that organisations face across the entire breach lifecycle. 'It is encouraging to see a meaningful decline in the cost of data breaches in the Middle East this year. It is no coincidence that a region with some of the world's boldest AI ambitions is also seeing less costly breaches. As organisations accelerate the adoption of AI-driven tools for security, they are improving their ability to detect and contain threats before they escalate. But as attackers grow more sophisticated, continued investment in AI-driven security tools, security talent, and AI governance tools will be essential to sustaining this momentum,' said Saad Toma, general manager of IBM Middle East and Africa. Read: According to the report, 41% of surveyed organisations in the Middle East have implemented access controls on AI systems to mitigate risks of AI model attacks—compared to just 3% globally. This indicates a proactive regional approach to AI security and governance. AI governance frameworks are also gaining traction, with 38% of organisations already having policies in place and another 24% developing them. Among those with formal governance, the most common practices include strict approval processes for AI deployments (45%), adversarial testing (44%), and the adoption of AI governance technologies (43%). On the cost side, organisations with complex security environments saw an average increase of $234,200 (SAR867,378) in breach-related costs. Breaches involving IoT or OT systems added $226,730 (SAR839,750), while cybersecurity staffing shortages led to an additional $221,130 (SAR818,997) per incident. Third-party vendor and supply chain compromises emerged as the most common initial breach vector, accounting for 17% of incidents, with an average cost of $7.99 million (SAR 29.60 million). Denial-of-service attacks and phishing each represented 14% of cases, with costs averaging $7.34m (SAR 27.20m) and $7.56m (SAR 28m) respectively. Malicious insider attacks, though less frequent at 11%, had the highest cost at $8.91m (SAR33m). The 2025 Cost of a Data Breach Report draws on analysis of over 600 breaches globally, including organisations in Saudi Arabia and the UAE, between March 2024 and February 2025. Conducted by Ponemon Institute and sponsored by IBM, the report is based on over two decades of research and data from nearly 6,500 real-world breaches.
