IBM has released its 2025 Cost of a Data Breach Report, revealing a notable decrease in average breach costs for businesses in the Middle East. According to the report, the average cost fell to SAR 27.00 million, down 18% from SAR 32.80 million the year before.

The report highlighted that AI/ML-driven insights, encryption, and a DevSecOps approach were the top three factors that helped reduce costs for organizations in the region.

Despite the drop, lost business remained the largest cost category, averaging SAR 11.63 million. Post-breach response costs followed at SAR 7.50 million, with detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million.

IBM reported that the financial sector experienced the highest breach costs at SAR 34.00 million. The energy and industrial sectors followed closely with SAR 32.00 million.

Saad Toma, General Manager of IBM Middle East and Africa, noted the region’s proactive use of AI. He stated that AI-driven tools are enhancing detection and response, but emphasized the need for continued investment in security talent and governance.

The report also revealed:

• 41% of Middle East organizations use access controls to protect AI systems, compared to only 3% globally.
• 38% have formal AI governance policies, with another 24% developing them.
• Complex security systems, IoT/OT environments, and staff shortages significantly raise breach costs.

Top initial attack vectors in 2025 included:

• Third-party vendor and supply chain compromise (17%, SAR 29.60 million)
• Denial of service attacks (14%, SAR 27.20 million)
• Phishing (14%, SAR 28.00 million)
• Malicious insider threats (11%, SAR 33.00 million)

IBM conducted the report in partnership with the Ponemon Institute, analyzing over 600 global breaches, including those in Saudi Arabia and the UAE, from March 2024 through February 2025. The report draws on two decades of research, covering nearly 6,500 breaches.

Related post

View all