In its latest report on the cost of a data breach, IBM revealed that the average cost of a data breach in the ASEAN region reached a new high of US$3.23 million in 2024, up 6 percent year-on-year. Industries with the highest costs from data breaches included financial services, with the most expensive data breaches (US$5.57 million), followed by the industrial sector (US$4.18 million) and technology (US$4.09 million).

For ASEAN, the 2024 report included a group of sample companies based in Singapore, Indonesia, the Philippines, Malaysia, Thailand and Vietnam.

In the region, 56 percent of organizations surveyed are using AI automation in their security operation center (SOC), an increase of nearly 8 percent year-over-year. The report also found that organizations deploying AI-driven technologies significantly reduced the data leak lifecycle by 99 days and incurred an average of $1.42 million less data leak costs than organizations without security AI and automation.

While AI technologies provide defenders with new tools to quickly identify and automate responses to threats, they also increase the attack surface and are likely to introduce new risks to security teams.

More organizations worldwide faced severe staffing shortages compared to last year (a 26 percent increase). Organizations with little or no security staffing issues reported an average of $1.76 million more in security breach costs.

However, the mounting staffing issues may soon be resolved as more companies said they plan to increase their security budgets compared to last year (63 percent versus 51 percent), with employee training being the top planned investment area. Companies also expect to invest in incident response planning and testing, threat detection and response technologies (e.g. SIEM, SOAR and EDR), identity and access management and data protection tools.

“Disruption is the new cost of uncertainty, and security is becoming the new cost of doing business,” said Catherine Lian, General Manager of IBM Asean. “In the age of AI, the stakes are higher than ever. While generative AI can help address the skills shortage in today’s landscape of understaffed security teams, it is also being used to design and execute attacks at scale. Security can no longer be an afterthought. ASEAN companies must invest in AI-driven defenses to stay ahead.”

Key findings

Other key findings from the IBM 2024 report for the ASEAN region include:

– Gaps in data visibility. According to the 2024 report, 41 percent of breaches involved data stored in multiple environments, including public cloud, private cloud, and on-premises. These breaches were also the most expensive, averaging $3.44 million, and took the longest to identify and contain (287 days).

– Cost-increasing factors. The top three factors that increased the cost of security breaches for on-premises organizations were migration to the cloud ($263,000), impact on the IoT/OT environment ($220,000), and security system complexity ($181,000).

– Process-related activities that increased the cost of data breaches. Business loss costs, such as operational downtime, customer loss and reputational damage, increased nearly 31 percent year over year. Customer response after a security breach increased 16 percent and notification costs increased nearly 13 percent over the same period.

– Lifecycle of a data breach. The ASEAN companies studied took an average of almost nine months (264 days) to detect and contain incidents.

– First attack vectors. At 16 percent, phishing was the most common initial attack vector, causing an average total cost of $3.39 million per breach, followed by stolen or compromised credentials ($3.12 million) and work email misuse ($3.46 million), each accounting for 13 percent of incidents. Attacks via zero-day vulnerabilities were the most expensive entry point, accounting for 9 percent of breaches studied ($3.62 million).

– Fewer ransom payments are made when law enforcement is involved. Globally, ransomware victims saved an average of nearly $1 million in costs by contacting law enforcement compared to those who did not—this saving does not include paying the ransom for those who did pay. Most ransomware victims (63 percent) who contacted law enforcement also avoided paying a ransom.

The 2024 Cost of a Data Breach report is based on an in-depth analysis of real-world data breaches that occurred at 604 organizations worldwide between March 2023 and February 2024.