IBM: Cost of data breach in ASEAN soars to $3.05 million

The cost of a data breach in the ASEAN region has hit a record high of $3.05 million, marking a 6% increase year-to-year, according to the latest report from IBM Security.

The most targeted industries include financial services and energy companies, which reported the highest breach costs. The financial sector, deemed the most impacted across ASEAN according to the report, pays an average of nearly $4.81 million per breach, while the energy sector pays an average of $3.60 million.

Based on an in-depth analysis of real-world data breaches experienced by 553 organizations globally between March 2022 and March 2023, the 2023 Cost of a Data Breach Report encompasses the ASEAN region, comprising a cluster sample of companies located in Singapore, Indonesia, the Philippines, Malaysia, Thailand, and Vietnam.

In ASEAN and the Philippines, almost 38% of the studied data breaches resulted in the loss of data across multiple environments, including public cloud, private cloud, and on-premises systems, indicating that attackers managed to compromise multiple environments while avoiding detection. Data breaches impacting multiple environments also resulted in higher breach costs (an average of $3.14 million).

Utilization of security AI and automation

The research, conducted by the Ponemon Institute, also revealed a 15% increase in detection and escalation costs. This represents the highest portion of breach costs and signifies a shift toward more complex breach investigations.

Alarmingly, the report discovered that, at a global level, only one-third of the studied breaches were detected by the organization’s own security team, compared to 27% that were disclosed by attackers. Data breaches disclosed by attackers cost nearly $1 million more on average compared to breaches identified by the organizations themselves.

The research found that the organizations under study have been leveraging AI and automation to bolster their security postures. In ASEAN countries, including the Philippines, organizations extensively utilizing both AI and automation experienced a data breach lifecycle 99 days shorter, with data breach costs nearly $1.25 million lower, compared to organizations that have not deployed these technologies – the most significant cost-saving factor identified in the report.

Cost of keeping quiet about breaches

However, not all organizations involve law enforcement in investigating their data breaches, even though the report found that organizations seeking help from authorities saved an average of $470,000 in costs. Organizations that stayed away believed that involving law enforcement during a ransomware attack would only complicate the situation.

For the first time this year, the IBM report included this aspect in its research and found that, at a global level, participating organizations that did not involve law enforcement experienced breach lifecycles that were, on average, 33 days longer than those involving law enforcement – and this silence came with a price.

Despite ongoing efforts by law enforcement to collaborate with ransomware victims, 37% of respondents still chose not to involve them. Almost half (47%) of the studied ransomware victims reportedly paid the ransom.

“It’s clear that organizations should abandon these misconceptions around ransomware. Paying a ransom and avoiding law enforcement may only increase incident costs and slow the response,” the report stated.