The financial impact of a data breach in Southeast Asia continues to rise with the average cost of an attack now standing at US$2.62 million.
That’s according to newly released IBM Security findings, in conjunction with Ponemon Institute, which reported an increase of 4.89 per cent year-on-year at a regional level, up from $2.53 million in 2018.
Lost business formed the largest proportion of costs during the past 12 months, compared to costs specific to detection and escalation, notification and post-data-breach response. This comprises cost of business disruption and revenue losses from system downtime, cost of lost customers and acquiring new customers (customer turnover), and reputation losses and diminished goodwill.
Average costs of lost business for organisations amounted to $1.42 million regionally, representing 36 per cent of the total average costs of $3.92 million globally.
In ASEAN, 22,500 records are breached in an average attack - at a cost of $176 per lost record - with the time to identify and contain a breach standing at 190 days, and containing the attack at 69 days. Meanwhile, the highest industry average for cost per record is financial services.
Delving deeper, the most costly data breaches result from malicious attacks (43 per cent), either from within or outside of a company, compared to system glitches and human errors.
“Cyber crime represents big money for cyber criminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, global lead of IBM X-Force Incident Response and Intelligence Services.
“With organisations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line - and focus on how they can reduce these costs.”
At a more global level, the cost of a data breach has risen 12 per cent over the past five years and now costs $3.92 million on average. Whitmore said these rising expenses are “representative” of the multi-year financial impact of breaches, increased regulation and the complex process of resolving criminal attacks.
In addition, an average of 67 per cent of data breach costs were realised within the first year after a breach, 22 per cent accrued in the second year and another 11 per cent accumulated more than two years after a breach.
The long-tail costs were higher in the second and third years for organisations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals.