Data protection continues to be a challenge as firms hold more and more sensitive information
Dubai - Services, financial services and technology top list as most expensive industries in UAE, Saudi Arabia
Published: Fri 28 Jul 2017, 8:18 PM
Updated: Sat 29 Jul 2017, 9:28 AM
Data security has become a prime concern for businesses globally and the UAE is no exception as it combats data breach incidents and spends heavily to offer secured data environment both to residents and businesses.
Simple tips and measures can help avert cyberattacks that raise the risk of exposing important data. A recent study by IBM and Ponemon Institute has shown that average cost of a data breach in the Middle East stands at $4.94 million in 2017, indicating a rise of 6.9 per cent since 2016. These breaches cost firms $154.7 per lost or stolen record on average.
This year's annual study was conducted in 11 countries and combined two regions: the US, Germany, Canada, France, the UK, Italy, Japan, Australia, the Middle East (Saudi Arabia and the UAE combined), Brazil, India, South Africa and the Association of Southeast Asian Nations.
When compared to other markets, organisations in Saudi Arabia and the UAE saw the second highest average cost of a data breach at $4.94 million (Dh18.1 million), have the highest direct per capita cost ($81) and are amongst the top markets that spend the most ($1.43 million) on post-data breach response.
"Data protection continues to be a challenge as businesses hold more and more sensitive information, pushing cybersecurity higher up the agenda," said Saeed Agha, security business unit leader at IBM Gulf and the Levant. "According to the study, malicious or cyberattacks are a major cause of data breach in Saudi Arabia and the UAE. Such attacks are financially damaging and present great threat to the reputation of organisations. It is important to start looking at security hygiene measures as an opportunity to avoid falling victim to the next big security threat rather than a nuisance."
The 2017 Cost of Data Breach report also revealed that malicious or criminal attacks are the most frequent cause of data breach in Saudi Arabia and the UAE. Fifty-nine per cent of incidents involved data theft or criminal misuse. These types of incidents cost companies $171.7 per compromised record, compared to $130.7 and $128.5 per compromised record as a result of a breach caused by system glitch or employee negligence, respectively.
Top factors that contributed to the increase of cost of a data breach in Saudi Arabia and the UAE include compliance failures and the extensive use of mobile platforms. Companies reported that compliance failures and the extensive use of mobile platforms increased the cost of each compromised record by $10.4 and $12.8, respectively.
Scott Manson, cybersecurity leader for the Middle East and Turkey at Cisco, said: "Cybersecurity is finally becoming a top-of-mind business objective for many with many organisations making the board hold accountability, which makes sense considering a large security breach/incident doesn't only affect finances and productivity, but can severely damage customers' trust towards the brand."
In Saudi Arabia and the UAE, services, financial services and technology have topped the list as the most expensive industries for data breaches, costing organisations $221.3, $201.1 and $184.5 per record, respectively.
Brandon Bekker, managing director at Mimecast Middle East and Africa, said: "Top priority for any business in today's volatile threat landscape is to plan, develop and implement a cyber-resilience strategy. A cyber-resilience strategy will ensure businesses are prepared in the event of a cyberattack/breach and have the required processes and technology in place to identify, protect, detect, respond, and recover from a cyberattack and/or data breach. Businesses should regularly test their cyber resilience strategy with mock exercises to ensure that they are ready in the event that they experience a cyberattack."
According to the study, how quickly an organisation can contain data breach incidents has a direct impact on financial consequences. Globally, the cost of a data breach was nearly $1 million lower on average for organisations that were able to contain a data breach in less than 30 days compared to those that took longer than that.
There is room for improvement with organisations when it comes to the time to identify and respond to a breach. On average, organisations in Saudi Arabia and the UAE took 245 days to identify a breach, and 80 additional days to contain a breach once discovered.
"Data security is important and crucial for businesses and in this digital era, a cybersecurity attack can come from anywhere. Security should be at the top of every organisation's agenda unless they want to be caught on their blindside. Cybersecurity is not just an IT issue, or a policy issue, or a compliance issue. It's becoming a corporate risk issue. Data security is ultimately about people. Every employee must understand the risks and ramifications of data breaches and know how to prevent them, especially as social engineering attacks increase," said Mohammed Basheer, IT security practice head at ISYX Technologies.
- sandhya@khaleejtimes.com