Shawn - stock.adobe.com
IBM: Data breach cost in ASEAN hits new high
The average cost of a data breach in ASEAN grew by 7% from last year as organisations grapple with increasingly distributed IT environments and complex security systems
The average cost of a data breach in ASEAN reached an all-time high of S$4.34m (US$3.33m) in 2024, representing a 7% increase from last year, a new study has found.
The region’s financial services industry experienced the costliest breaches at S$7.48m, followed by the industrial sector at S$5.62m and the technology sector at S$5.5m, according to IBM’s 2024 Cost of a data breach report.
The study also found that ASEAN organisations that deployed artificial intelligence (AI) and automation to mitigate cyber security threats spent 63 fewer days to identify breaches than those that did not.
They also spent 36 fewer days to contain breaches and incurred an average of S$1.9m less in breach costs compared to those that did not invest in AI and automation.
Catherine Lian, general manager of IBM ASEAN, noted that while generative AI can help to address the skills shortage in cyber security, it is also being used to create and launch attacks at scale.
“ASEAN companies need to invest in AI-driven defences to stay ahead and harness the potential of these technologies, ensuring business continuity and protecting their customers,” she said.
The report found that the increasingly distributed IT environment is also making it harder for organisations to maintain visibility over their data, exposing them to data breaches.
Some 41% of breaches involved data stored across multiple environments including public cloud, private cloud, and on-premises environments. These breaches were also the most expensive at S$4.63m on average and took as long as 287 days to identify and contain.
In addition, the top three factors that increased breach costs for ASEAN organisations were migration to cloud (S$353,806), internet-of-things and operational technology systems that were impacted (S$296,128) and security system complexity (S$243,889).
Phishing was the most common attack vector, accounting for 16% of data breaches in ASEAN with an average total cost of S$4.56m per breach. This was followed by business email compromise and stolen or compromised credentials, each accounting for 13% of incidents. Attacks using zero-day vulnerabilities were the most expensive entry point, costing S$4.86m on average.
The research, conducted by Ponemon Institute and sponsored and analysed by IBM, has been published for 19 consecutive years. This year’s study polled 604 organisations globally, including those in Singapore, Indonesia, the Philippines, Malaysia, Thailand, and Vietnam.
Read more about cyber security in ASEAN
- CrowdStrike CTO Elia Zaitsev explains how the company’s multi-agent AI architecture can help enhance analyst efficiency and tackle cyber security challenges.
- Sophos found three distinct clusters of activity targeted at a high-level government organisation that appeared to be tied to Chinese interests in the South China Sea.
- The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access.
- The chairman of Ensign InfoSecurity traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem.
