IBM Security released its annual Cost of a Data Breach Report, showing the average cost of a data breach in ASEAN countries including Malaysia reached $3.05 million in 2023 – an all-time high for the report and a 6% increase year-to-year. Detection and escalation costs jumped 15% over this same time frame, representing the highest portion of breach costs, and indicating a shift towards more complex breach investigations.
The 2023 Cost of a Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 553 organizations globally between March 2022 and March 2023. The ASEAN region includes a cluster sample of companies located in Malaysia, Singapore, Indonesia, the Philippines, Thailand and Vietnam. The research, sponsored and analyzed by IBM Security, was conducted by Ponemon Institute and has been published for 18 consecutive years. Some key findings in the 2023 IBM report include:
- Target Industries – Financial services and energy companies see the highest breach costs. By far the most impacted across ASEAN, the financial sector is paying nearly $4.81 million on average per breach, while the energy sector is paying $3.60 million on average.
- AI Picks Up Speed – AI and automation had the biggest impact on speed of breach identification and containment for studied organizations. In ASEAN countries including Malaysia, organizations with extensive use of both AI and automation experienced a data breach lifecycle that was 99 days shorter with nearly $1.25 million lower data breach costs compared to studied organizations that have not deployed these technologies – the biggest cost saver identified in the report.
- The Cost of Silence – Globally, ransomware victims in the study that involved law enforcement saved $470,000 in average costs of a breach compared to those that chose not to involve law enforcement. Despite these potential savings, 37% of ransomware victims studied did not involve law enforcement in a ransomware attack.
- Detection Gaps – At a global level, only one-third of studied breaches were detected by an organization’s own security team, compared to 27% that were disclosed by an attacker. Data breaches disclosed by the attacker cost nearly $1 million more on average compared to studied organizations that identified the breach themselves.
“Time is the new currency in cybersecurity both for the defenders and the attackers. Extensive security AI and automation are crucial in building a robust threat management capability for organisations to early detect and fast respond to anomalies. This can significantly reduce the impact and losses of businesses and unlock tangible benefits for speed and efficiency,” said Catherine Lian, Managing Director and Technology Leader, IBM Malaysia.
Ransomware ‘Discount Code’
Some studied organizations remain apprehensive about engaging law enforcement during a ransomware attack due to the perception that it will only complicate the situation. At a global level, participating organizations that did not involve law enforcement experienced breach lifecycles that were 33 days longer on average than those that did involve law enforcement – and that silence came with a price. Ransomware victims studied that didn’t bring in law enforcement paid on average $470,000 higher breach costs than those that did.
Security Teams Rarely Discover Breaches Themselves
Threat detection and response has seen some progress. According to IBM’s 2023 Threat Intelligence Index, defenders were able to halt a higher proportion of ransomware attacks last year. However, adversaries are still finding ways to slip through the cracks of defense.
Breaching Data Across Environments – In ASEAN and Malaysia, nearly 38% of data breaches studied resulted in the loss of data across multiple environments including public cloud, private cloud, and on-prem – showing that attackers were able to compromise multiple environments while avoiding detection. Data breaches studied that impacted multiple environments also led to higher breach costs ($3.14 million on average).