The average cost of a data breach in the ASEAN region increased by 6% to $3.23 million in 2024 compared to last year, the highest on record, according to IBM's latest annual Cost of a Data Breach Report. It added that ASEAN's critical infrastructure organizations experienced the highest breach costs. Financial services participants saw the costliest breaches across industries ($5.57 million), followed by the industrial sector ($4.18 million) and technology ($4.09 million).
"Disruption is the new cost of insecurity, and security is becoming the new cost of business. The 2024 report shows the extent and cost of business disruption caused by data breaches, which can even lead to a complete business shutdown. As the collateral damage from data breaches intensifies, lost business and post-breach customer response costs drove the annual spike," said Catherine Lian, general manager of IBM ASEAN. She added, "The stakes are higher than ever in the AI era. While generative AI can help address the skills shortage in today's landscape, where security teams are understaffed, it is also being used to create and launch attacks at scale. Security can no longer be an afterthought. ASEAN companies need to invest in AI-driven defenses to stay ahead and harness the potential of these technologies, ensuring business continuity and protecting their customers."
For the ASEAN region, the 2024 report included a cluster sample of companies in Singapore, Indonesia, the Philippines, Malaysia, Thailand, and Vietnam.
In the region, 56% of organizations studied are deploying security AI and automation across their security operation center (SOC), a nearly 8% jump from the previous year. When these technologies were used extensively, companies shortened the data breach lifecycle by 99 days and incurred an average of $1.42 million less in breach costs compared to those without security AI and automation deployments. While AI technologies provide defenders with new tools for rapidly identifying and automating responses to threats, they are also expanding the attack surface and are expected to present new risks for security teams.
More organizations studied globally faced severe staffing shortages compared to the prior year (26% increase). They observed an average of $1.76 million more in breach costs than those with low or no security staffing issues. However, mounting staffing challenges may soon see relief, as more organizations stated that they plan to increase security budgets compared to last year (63% vs. 51%), with employee training emerging as a top planned investment area. Organizations also plan to invest in incident response planning and testing, threat detection and response technologies (e.g., SIEM, SOAR and EDR), identity and access management, and data security protection tools.
Globally, 70% of breached organizations reported that the breach caused significant or very significant disruption. The disruptive effects of data breaches on businesses are not only driving up costs but also extending the aftereffect of a breach, with recovery taking more than 100 days for most of the small number (12%) of breached organizations that were able to fully recover.
Some other key findings in the 2024 IBM report for the ASEAN region include:
Data visibility gaps – According to the 2024 report, 41% of breaches involved data stored across multiple environments, including public cloud, private cloud, and on-prem. These breaches were also the most expensive at $3.44 million on average and took the longest to identify and contain (287 days).
Key factors that amplified costs – The top three factors that increased breach costs for local organizations were migration to the cloud ($263K), IoT/OT environment impacted ($220K), and security system complexity ($181K).
Process-related activities that increased data breach costs – Lost business costs—operational downtime, lost customers, and reputation damage, among others—escalated nearly 31% compared to the prior year. Post-breach customer response jumped 16% and notification costs increased almost 13% over the same time frame.
Data Breach Lifecycle – ASEAN companies studied needed an average of nearly nine months (264 days) to identify and contain incidents.
Initial attack vectors – At 16%, phishing was the most common initial attack vector and represents an average total cost of USD $3.39 million per breach. Followed by stolen or compromised credentials ($3.12) and business email compromise ($3.46), accounting for 13% of incidents each. Attacks using zero-day vulnerability were the most expensive entry point ($3.62) at 9% of breaches studied.
Fewer ransoms paid when law enforcement is engaged – Globally, by bringing in law enforcement, ransomware victims saved, on average, nearly $1 million in breach costs compared to those who didn't—that savings exclude the ransom payment for those who paid. Most ransomware victims (63%) who involved law enforcement could also avoid paying a ransom.
Comments