Cost of a data breach for ASEAN businesses hits record high

• The cost of data breach in Southeast Asia reach US$3.05 million. 
• ASEAN organizations with extensive use of security AI and automation cut breach lifecycles by 99 days and reduce data breach cost by nearly US$1.25 million.

Findings from IBM Security’s annual Cost of a Data Breach Report indicate that the costs of data breaches globally continue to increase. In fact, the global average cost of a data breach in 2023 is US$4.45 million, a 15% increase over the past three years.

With 82% of cybersecurity breaches involving data stored in the cloud, organizations must look for solutions that provide visibility across hybrid environments. Organizations also need to protect data as it moves across clouds, databases, apps and services.

The increasing number of cyber-attacks has led to 51% of organizations planning to increase their security investments. This includes improving incident response planning and testing, employee training as well as threat detection and response tools. At the same time, there has been an increased usage of security AI and automation in cybersecurity which has led to savings of up to US$1.76 million compared to organizations that don’t.

In a blog post, IBM pointed out that the increase in the cost of data breaches was because breaches took longer to contain when data was stored in multiple environments. The study highlights that data stored in the cloud comprised 82% of all data breaches, with just 18% of breaches involving solely on-premises data storage. 39% of data breaches in the study involved data stored across multiple environments, which was costlier and more difficult to contain than other types of breaches.

“It took 292 days, or 15 days longer than the global average, to contain a breach across multiple environments. Data stored in multiple environments also contributed to about US$750,000 more in average breach costs,” stated IBM.

The cost of a data breach in ASEAN

The cost of a data breach in Southeast Asia has also reached new records. At US$3.05 million, the cost is at an all-time high and a 6% increase year-to-year. Detection and escalation costs jumped 15% over this same time frame, representing the highest portion of breach costs, and indicating a shift towards more complex breach investigations.

The ASEAN region includes a cluster sample of companies located in Malaysia, Singapore, Indonesia, the Philippines, Thailand and Vietnam. 38% of data breaches studied in the region resulted in the loss of data across multiple environments including public cloud, private cloud, and on-premises—showing that attackers were able to compromise multiple environments while avoiding detection. Data breaches studied that impacted multiple environments also led to higher breach costs (US$3.14 million on average).

Looking at the targeted industries in the region, financial services and energy companies see the highest breach costs. By far the most impacted across ASEAN, the financial sector is paying nearly US$4.81 million on average per breach, while the energy sector is paying US$3.60 million on average.

Interestingly, the increasing number of cyber incidents have seen more companies in the region implement more AI cybersecurity solutions as well. AI and automation had the biggest impact on the speed of breach identification and containment for studied organizations. In ASEAN countries including Malaysia, organizations with extensive use of both AI and automation experienced a data breach lifecycle that was 99 days shorter with nearly US$1.25 million lower data breach costs compared to studied organizations that have not deployed these technologies – the biggest cost saver identified in the report.

Another interesting find in the report is the cost of silence. Many organizations continue to avoid involving law enforcement agencies and end up paying the ransomware demand. They feel that it will only complicate the situation.

However, globally, ransomware victims in the study that involved law enforcement saved US$470,000 in average costs of a breach compared to those that chose not to involve law enforcement. These companies also experienced breach lifecycles that were 33 days longer on average than those that did involve law enforcement. Despite these potential savings, 37% of ransomware victims studied did not involve law enforcement in a ransomware attack.

When it comes to the detection of a data breach or other cybersecurity problems, only one-third of studied breaches were detected by an organization’s own security team globally compared to 27% that was disclosed by an attacker. Data breaches disclosed by the attacker cost nearly US$1 million more on average compared to studied organizations that identified the breach themselves.

“Time is the new currency in cybersecurity both for the defenders and the attackers. An extensive security AI and automation are crucial in building a robust threat management capability for organizations to early detect and fast respond to anomalies. This can significantly reduce the impact and losses of businesses and unlock tangible benefits for speed and efficiency,” commented Catherine Lian, Managing Director and Technology Leader, at IBM Malaysia.

Threat detection and response have seen some progress. Yet, while defenders were able to halt a higher proportion of ransomware attacks last year, adversaries are still finding ways to slip through the cracks of defense.

The research, conducted independently by Ponemon Institute and analyzed and published by IBM Security, constitutes the 18th annual Cost of a Data Breach Report. The 2023 edition of the report draws analysis from a collection of real-world data breaches at 553 organizations. The breaches studied occurred between March 2022 and March 2023.

---

---

---

---