IBM Report: Data Breach Costs Drop 18% in the Middle East, Reaching SAR 27 Million in 2025
In the Middle East, lost business remained the largest cost category in 2025, averaging SAR 11.63 million per breach. This was followed by post-breach response costs at SAR 7.50 million, detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million. While overall breach costs have declined this year, these figures underscore the continued financial strain organizations face across the entire breach lifecycle — from discovery to containment.
Certain sectors continued to face significantly high breach costs in 2025. This year, the financial sector recorded the highest total breach cost reaching SAR 34.00 million, followed closely by energy and industrial at SAR 32.00 million.
'It is encouraging to see a meaningful decline in the cost of data breaches in the Middle East this year. It is no coincidence that a region with some of the world's boldest AI ambitions is also seeing less costly breaches. As organizations accelerate the adoption of AI-driven tools for security, they are improving their ability to detect and contain threats before they escalate. But as attackers grow more sophisticated, continued investment in AI-driven security tools, security talent, and AI governance tools will be essential to sustaining this momentum,' said Saad Toma, General Manager of IBM Middle East and Africa.
Other key findings in the 2025 IBM report for the Middle East include:
Mitigating risks of AI model attacks – To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region's more proactive approach to securing and governing AI.
– To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region's more proactive approach to securing and governing AI. AI governance adoption – 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%).
– 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%). Factors that increase costs – Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average.
– Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average. Top initial attack vectors – The most common initial causes of data breaches in 2025 were third-party vendor and supply chain compromise, which account for 17% of incidents and carried an average cost of 29.60 million. Denial of service attacks and phishing each made up 14% of breaches, with average costs of SAR 27.20 million and SAR 28.00 million respectively. Malicious insider threats, while slightly less frequent at 11%, resulted in the highest average cost at SAR 33.00 million.
The 2025 Cost of a Data Breach Report analyzed real-world data breaches from over 600 organizations worldwide from March 2024 through February 2025, including organizations from Saudi Arabia and the United Arab Emirates. Conducted by Ponemon Institute and sponsored and analyzed by IBM, the Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years.
Additional Sources
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Zawya
20 hours ago
- Zawya
UPDATE 1-AT&T to dual list on NYSE Texas
Wireless carrier AT&T said on Thursday it will dual list on the NYSE Texas, effective August 1. NYSE Texas officially opened for business in March and has seen several companies, including oilfield service company Halliburton and Truth Social-parent Trump Media & Technology Group, dual list on the Dallas-based exchange in the first three months. "Following its dual listing, AT&T will maintain its primary listing on the New York Stock Exchange and trade with the "T" ticker symbol on NYSE Texas," the company said. (Reporting by Harshita Mary Varghese in Bengaluru; Editing by Sriraj Kalluvila)
Web Release
a day ago
- Web Release
TELUS Digital Expands into the Middle East with Opening of Dubai Office
TELUS Digital Experience (TELUS Digital) (NYSE and TSX: TIXT), a leading global technology company specializing in digital customer experiences (CX), today announced the opening of its TELUS Digital Dubai office in the United Arab Emirates (UAE). This marks the company's entry into the Middle East, reinforcing its commitment to supporting its clients around the world with innovative, AI-fueled solutions that drive customer engagement and a more efficient enterprise. With accelerating demand for digital transformation across the Gulf region, Dubai offers an ideal hub for TELUS Digital to provide end-to-end services through strategy, delivery, and managed operations – with expertise in digital strategy consulting and experience design, AI-powered automation, and customer experience modernization – all supported by its global team and delivery model. AI in Dubai powers TELUS Digital's regional strategy 'Opening a local office in the Middle East is a natural step in deepening our presence in key growth markets,' said Tobias Dengel, President, TELUS Digital Solutions. 'Across the Gulf region, there's growing interest to work with full-service partners from the strategy development phase through to designing and building digital experiences, AI platforms and customer solutions at scale. This is exactly where we excel. Our expert team located around the world brings together consulting and product strategy with deep expertise in AI, computer vision and automation to help our clients build intelligent, future-ready experiences. The Gulf region's forward-thinking infrastructure and pro-innovation environment make it the ideal place to do this work.' The Middle East accelerates its AI investments Artificial intelligence (AI) is at the forefront of national strategies across the Middle East, with countries including the UAE, Saudi Arabia and Qatar making ambitious investments to drive economic diversification and digital leadership. In the UAE, the government's AI 2031 strategy sets out a bold vision to become a global leader in AI, supported by major public-sector initiatives and multi-billion-dollar investments in AI infrastructure and compute capacity. These efforts are fueling innovation across critical sectors such as energy, transportation, logistics, healthcare and education, positioning the region as a growing hub for AI research, development and deployment. As the UAE positions itself at the forefront of AI adoption, TELUS Digital's new Dubai office will serve as a launch point to enable work across those key sectors as well as additional verticals including financial services, telecom and media, hospitality, and retail. 'What sets TELUS Digital apart is our ability to combine the precision of a bespoke partner with the scale and experience of a global organization that spans more than 30 countries,' said Mona Kadouh, Managing Director, TELUS Digital Middle East. 'We are deeply invested in understanding our clients' specific challenges rather than selling generic solutions. We like to say that we 'fall in love with our clients' problems' – a mindset that we demonstrate through our hands-on approach, leveraging proprietary GenAI and AI data platforms, and supported by a strong ecosystem of trusted technology partners.' TELUS Digital expands its global delivery in South Africa and India TELUS Digital recently expanded its global delivery footprint with the addition of its second site in South Africa, located in Cape Town, and its sixth site in India, in Ahmedabad, located in GIFT City, the country's first operational smart city and Special Economic Zone (SEZ). These sites provide strategic proximity to key markets in Europe and the Middle East, and expand the company's CX delivery capabilities and multilingual support, as well as its ability to support key business functions for clients, including IT, HR, talent acquisition, finance and workforce management. Across its Centers of Excellence in India, TELUS Digital also provides specialized expertise in digital transformation, data annotation and AI services. With increasing demand for AI in the UAE and the broader Middle East, TELUS Digital Middle East is committed to supporting UAE digital transformation goals and smart city initiatives. Our CX innovation capabilities help clients across sectors embrace responsible, AI-powered change. Visit our TELUS Digital Dubai location page to explore how we support AI in the Middle East:
Web Release
2 days ago
- Web Release
IBM Report: Data Breach Costs Drop 18% in the Middle East, Reaching SAR 27 Million in 2025
IBM (NYSE:IBM) released its 2025 Cost of a Data Breach Report, revealing that the average cost of a data breach for businesses in the Middle East reached SAR 27.00 million. This represents a decrease of approximately 18% from SAR 32.80 million the year prior. According to the report, the top three factors that reduced breach costs for local businesses were AI/ML-driven insights, encryption and a DevSecOps approach. In the Middle East, lost business remained the largest cost category in 2025, averaging SAR 11.63 million per breach. This was followed by post-breach response costs at SAR 7.50 million, detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million. While overall breach costs have declined this year, these figures underscore the continued financial strain organizations face across the entire breach lifecycle — from discovery to containment. Certain sectors continued to face significantly high breach costs in 2025. This year, the financial sector recorded the highest total breach cost reaching SAR 34.00 million, followed closely by energy and industrial at SAR 32.00 million. 'It is encouraging to see a meaningful decline in the cost of data breaches in the Middle East this year. It is no coincidence that a region with some of the world's boldest AI ambitions is also seeing less costly breaches. As organizations accelerate the adoption of AI-driven tools for security, they are improving their ability to detect and contain threats before they escalate. But as attackers grow more sophisticated, continued investment in AI-driven security tools, security talent, and AI governance tools will be essential to sustaining this momentum,' said Saad Toma, General Manager of IBM Middle East and Africa. Other key findings in the 2025 IBM report for the Middle East include: Mitigating risks of AI model attacks – To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region's more proactive approach to securing and governing AI. – To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region's more proactive approach to securing and governing AI. AI governance adoption – 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%). – 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%). Factors that increase costs – Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average. – Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average. Top initial attack vectors – The most common initial causes of data breaches in 2025 were third-party vendor and supply chain compromise, which account for 17% of incidents and carried an average cost of 29.60 million. Denial of service attacks and phishing each made up 14% of breaches, with average costs of SAR 27.20 million and SAR 28.00 million respectively. Malicious insider threats, while slightly less frequent at 11%, resulted in the highest average cost at SAR 33.00 million. The 2025 Cost of a Data Breach Report analyzed real-world data breaches from over 600 organizations worldwide from March 2024 through February 2025, including organizations from Saudi Arabia and the United Arab Emirates. Conducted by Ponemon Institute and sponsored and analyzed by IBM, the Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years. Additional Sources
