Average data breach cost in ASEAN climbs to all-time high
THE AVERAGE COST of data breaches in the Association of Southeast Asian Nations (ASEAN) region has reached an all-time high of $3.23 million this year, the International Business Machines Corp. (IBM) said on Wednesday.
This was 6% higher than $3.05 million in 2023 and affected companies in the Philippines, Singapore, Indonesia, Malaysia, Thailand, and Vietnam, IBM’s 2024 Cost of a Data Breach Report showed.
Globally, the average cost of data breaches spiked by 10% year on year to $4.88 million.
The report surveyed 604 organizations globally between March 2023 and February 2024.
“ASEAN’s critical infrastructure organizations experienced the highest breach costs, with financial services participants saw the costliest breaches across industries ($5.57 million), followed by the industrial sector ($4.18 million) and technology ($4.09 million),” IBM said in a statement.
“Disruption is the new cost of insecurity, and security is becoming the new cost of doing business. The 2024 report shows the extent and cost of business disruption caused by data breaches, which can even lead to a complete business shutdown. As the collateral damage from data breaches intensifies, lost business and post-breach customer response costs drove the annual spike,” IBM ASEAN General Manager Catherine Lian was quoted as saying.
Ms. Lian said investing in cybersecurity has become more important amid increased use of artificial intelligence (AI) technologies.
“The stakes are higher than ever in the AI era. While generative AI can help address the skills shortage in today’s landscape where security teams are understaffed, it is also being used to create and launch attacks at scale. Security can no longer be an afterthought. ASEAN companies need to invest in AI-driven defenses to stay ahead and harness the potential of these technologies, ensuring business continuity and protecting their customers,” she added.
About 56% of the surveyed organizations are deploying security AI and automation across their security operation center, 8% higher than in 2023.
“When these technologies were used extensively, companies shortened the data breach lifecycle by 99 days and incurred an average $1.42 million less in breach costs, compared to those without security AI and automation deployments. While AI technologies provide defenders with new tools for rapidly identifying and automating responses to threats, they are also expanding the attack surface and are expected to present new risks for security teams,” IBM said.
The report also showed that 41% of breaches in the ASEAN region involved data stored across multiple environments, including public cloud, private cloud, and on-site. These were the most expensive, costing $3.44 million on average and taking the longest to identify and contain (287 days).
Migration to the cloud and security system security were among the top factors blamed for increased breach costs, with ASEAN companies surveyed needing an average of nearly nine months or 264 days to identify and contain incidents.
“Lost business costs — operational downtime, lost customers, and reputation damage, among others — escalated nearly 31%, compared to the prior year. Post-breach customer response jumped 16% and notification cost increased almost 13% over the same time frame,” IBM said.
“At 16%, phishing was the most common initial attack vector and represent an average total cost of $3.39 million per breach, followed by stolen or compromised credentials ($3.12) and business e-mail compromise ($3.46) accounting for 13% of incidents each. Attacks using zero-day vulnerability were the most expensive entry point ($3.62) at 9% of breaches studied,” it added.
Meanwhile, globally, organizations that fell victim to ransomware saved an average of $1 million in breach costs when they enlisted the help of law enforcement, with 63% of these firms being able to avoid paying a ransom. — ARAI