• About
  • Subscribe
  • Contact
Wednesday, June 4, 2025
    Login
FutureCISO
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
FutureCISO
No Result
View All Result
Home Technology Data Protection

Cost of a data breach hits US$3.05M for ASEAN businesses

FutureCISO Editors by FutureCISO Editors
July 31, 2023
Cost of a data breach hits US$3.05M for ASEAN businesses

Image by Shakti Shekhawat from Pixabay

Share on FacebookShare on Twitter

The average cost of a data breach in ASEAN countries, including in Singapore, reached an all -time high at US$3.05 million in 2023– a 6% increase year-to-year, according to the recently released Cost of a Data Breach Report commissioned by IBM Security.

The report also showed that detection and escalation costs jumped 15% over this same time frame, representing the highest portion of breach costs, and indicating a shift towards more complex breach investigations.

The 18th edition of the report, which is being published annually, is based on in-depth analysis of real-world data breaches experienced by 553 organisations globally between March 2022 and March 2023.

It is conducted by Ponemon Research and analysed by IBM Security.

The ASEAN region includes a cluster sample of companies located in Singapore, Indonesia, the Philippines, Malaysia, Thailand and Vietnam.

AI picks up speed

One of the key findings revealed the impact of AI and automation on the speed of breach identification and containment for organisations polled for the research.

Chris Hockings, IBM Security

In ASEAN countries, including in Singapore, organisations with extensive use of both AI and automation experienced a data breach lifecycle that was 99 days shorter with nearly US$1.25 million lower data breach costs compared to studied organisations that have not deployed these technologies – the biggest cost saver identified in the report.

“In addition to time to identify and contain a data breach, extensive security AI and automation use is also a crucial factor that delivers significant cost savings to organisations in ASEAN countries,” said Chris Hockings, chief technology officer, IBM Security, Asia Pacific.

“In 2023, the industry is reaching a tipping point in the maturity curve for AI in security operations where enterprise grade AI capabilities can be trusted and automatically acted upon via orchestrated response. This will unlock tangible benefits for speed and efficiency, which are desperately needed in today’s business landscape where early detection and fast response can significantly reduce the impact and losses of businesses.”

Chris Hockings, IBM Security

The report also quantified the cost of silence to companies that suffered ransomware attacks. Globally, ransomware victims in the study that involved law enforcement saved nearly half a million dollars or US$470,000 in average costs of a breach compared to those that chose not to involve law enforcement. Despite these potential savings, 37% of ransomware victims studied did not involve law enforcement in a ransomware attack.

Related:  HK Police and ISCA forge financial forensics pact

According to the 2023 IBM report, globally businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The study found that while 95% of studied organisations have experienced more than one breach, breached organisations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%).

Ransomware “discount Code”

Furthermore, the research pointed to detection gaps among the polled companies.  At a global level, only one third of studied breaches were detected by an organisation’s own security team, compared to 27% that were disclosed by an attacker. Data breaches disclosed by the attacker cost nearly US$1 million more on average compared to studied organisations that identified the breach themselves.

Some studied organisations remain apprehensive to engage law enforcement during a ransomware attack due to the perception that it will only complicate the situation.

For the first time this year, the IBM report looked closer at this issue and found evidence to the contrary. At a global level, participating organisations that did not involve law enforcement experienced breach lifecycles that were 33-days longer on average than those that did involve law enforcement – and that silence came with a price. Ransomware victims studied that didn't bring in law enforcement paid on average US$470,000 higher breach costs than those that did.

Despite ongoing efforts by law enforcement to collaborate with ransomware victims, 37% of respondents still opted not to bring them in. Add to that, nearly half (47%) of studied ransomware victims reportedly paid the ransom.

“It’s clear that organisations should abandon these misconceptions around ransomware. Paying a ransom, and avoiding law enforcement, may only drive-up incident costs, and slow the response."

Chris Hockings, IBM Security

Security teams poor in detecting breaches themselves

Related:  SeeMetrics launches cybersecurity governance boards

According to IBM’s 2023 Threat Intelligence Index, defenders were able to halt a higher proportion of ransomware attacks last year. However, threat actors are still finding ways to slip through the cracks of defense.

Globally, the report found that only one in three studied breaches were detected by the organisation’s own security teams or tools, while 27% of such breaches were disclosed by an attacker, and 40% were disclosed by a neutral third party such as law enforcement.

Image by Gerd Altmann from Pixabay

Responding organisations that discovered the breach themselves experienced nearly US$1 million less in breach costs than those disclosed by an attacker (US$5.23 million vs. US$4.3 million). Breaches disclosed by an attacker also had a lifecycle nearly 80 days longer (320 vs. 241) compared to those who identified the breach internally. The significant cost and time savings that come with early detection show that investing in these strategies can pay off in the long run.

In ASEAN and Singapore, nearly 38% of data breaches studied resulted in the loss of data across multiple environments including public cloud, private cloud, and on-prem—showing that attackers were able to compromise multiple environments while avoiding detection. Data breaches studied that impacted multiple environments also led to higher breach costs (US$3.14 million on average).

Additional findings in the 2023 IBM report include:

  • Target industries – Financial services and energy companies see the highest breach costs. By far the most impacted across ASEAN, the financial sector is paying nearly US$4.81 million on average per breach, while the energy sector is paying US$3.60 million on average.
  • DevSecOps advantage – At a global level, studied organisations across all industries with a high level of DevSecOps saw a global average cost of a data breach nearly US$1.7 million lower than those studied with a low level/no use of a DevSecOps approach.
  • Critical infrastructure breach costs break US$5 Million – Globally, critical infrastructure organisations studied experienced a 4.5% jump in the average costs of a breach compared to last year – increasing from US$4.82 million to US$5.04 million – US$590K higher than the global average.
Tags: Artificial IntelligenceASEANcybersecuritydata breachIBM SecurityIndonesiaMalaysiaPhilippinesPonemon InstituteransomwareSingaporeThailandVietnam
FutureCISO Editors

FutureCISO Editors

No Result
View All Result

Recent Posts

  • Check Point launches enhanced branch office security gateways
  • BarracudaOne to offer a unified approach to cybersecurity
  • AI agents present new security challenges in Southeast Asia
  • Red Hat launches Enterprise Linux 10 for hybrid security
  • Only 36% of HKG employees under AI-powered cyber threats

Categories

  • Blogs
  • Compliance and Governance
  • Culture and Behaviour
  • Cybersecurity careers
  • Data Protection
  • Endpoint Security
  • Incident Response
  • Network Security
  • People
  • Process
  • Resources
  • Risk Management
  • Technology
  • Training and awarenes
  • Videos
  • Webinars and PodChats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCISO serves the interests of the Chief Information Security Officer (CISO) and the information security profession. Its purpose is to provide relevant and timely industry insights around all things important to security professionals and organisations that recognize and value the importance of protecting the organisation’s data and its customers’ privacy.

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
Login

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl