The average cost of a data breach in Asean has hit a record high of S$4.34 million (US$3.33 million) in 2024, representing a 7 per cent increase from 2023, according to research by Ponemon Institute.
The costliest breaches across all industries were reported by the fast-growing region’s financial services firms, at S$7.48 million (US$5.74), followed by the industrial sector at S$5.62 million (US$4.31 million) and the technology sector at S$5.50 million (US$4.22 million).
The study, released this week, found that Asean companies needed nearly nine months on average to identify and contain incidents.
Another finding was that 41 per cent of breaches involved data stored across multiple environments including public cloud, private cloud, and on-premises. These breaches were also the most expensive at S$4.63 million (US$3.55 million) on average and took the longest to identify and contain.
The top three factors that increased breach costs for regional organisations were: migration to the cloud, an impacted Internet of Things/operational technology (IoT/OT) environment and security system complexity.
Cyber criminals used various ways to infiltrate victims’ systems. Phishing was the most common initial attack vector and represents an average total cost of S$4.56 million (US$3.50 million) per breach or 16 per cent of incidents.
This is followed by business e-mail compromise with an average cost of S$4.65 million (US$3.57 million) and stolen or compromised credentials with an average cost of S$4.19 million (US$3.21 million), with each comprising 13 per cent of incidents.
Attacks using zero-day vulnerability were the most expensive entry point, costing an average of S$4.86 million (US$3.73 million).
On the plus side, the findings indicate that adopting security AI and automation can help to cut breach costs. When Asean organisations used these technologies widely, the typical data breach lifespan was shorter than when they were not. Organisations needed 36 fewer days to limit the breach and 63 fewer days to identify it.
Furthermore, businesses that made full use of these technologies experienced an average reduction in breach costs of S$1.9 million (US$1.46 million) when compared to those that did not employ security AI and automation.
“The stakes are higher than ever in the AI era,” said Catherine Lian, general manager for IBM Asean.
She explained that while generative AI has helped to address the skills shortage in areas where security teams are understaffed, it is also being used to create and launch attacks at scale.
“Asean companies need to invest in AI-driven defences to stay ahead and harness the potential of these technologies, ensuring business continuity and protecting their customers,” she added.
Separately, a recent PWC report also found that the cost of breaches experienced by organisations in the larger Asia-Pacific has risen considerably in the past three years.
In 2023, 35 per cent of organisations say they have experienced data breaches costing anywhere from US$1 million to US$20 million over the last three years.
In tandem with this rise, some 84 per cent of Asia-Pacific business and technology have executives noted an increase in their cyber budgets.
The PWC report found that Asia-Pacific’s security spending has steadily grown at a compound annual growth rate (CAGR) of 12.8 per cent since 2022, and is expected to reach US$52 billion by 2027.
