Middle East Sees 18% Drop in Data Breach Costs, IBM Report Reveals

The average cost of a data breach in the Middle East has fallen by 18% over the past year, according to IBM’s newly released 2025 Cost of a Data Breach Report. The annual report, which analysed hundreds of global breaches, places the average regional cost at $7.29 million (SAR27 million), down from $8.86 million (SAR32.8 million) in 2024.

The sharp decline is attributed to increased investment in cybersecurity tools powered by artificial intelligence and machine learning, stronger encryption practices, and the wider implementation of DevSecOps principles. IBM said these measures have helped regional organisations better detect and contain breaches before they escalate.

“It’s encouraging to see a meaningful decline in breach costs in the Middle East,” said Saad Toma, General Manager of IBM Middle East and Africa. “This is a region with bold AI ambitions, and the results show that AI-driven security tools are making a measurable impact. But as threats evolve, continued investment in AI capabilities, skilled cybersecurity talent, and governance frameworks will be vital.”

Lost business remains the largest cost component, averaging $3.14 million (SAR11.63 million) per breach, followed by post-breach response costs at $2.03 million (SAR7.50 million). Detection and escalation averaged $1.77 million (SAR6.55 million), while notification expenses stood at $356,400 (SAR1.32 million).

The financial services sector suffered the highest breach costs in the region, with incidents averaging $9.18 million (SAR34 million). The energy and industrial sectors followed closely, recording average losses of $8.64 million (SAR32 million) per incident.

The report also highlights the region’s proactive approach to AI security. While just 3% of organisations globally have implemented access controls on AI systems, 41% of surveyed firms in the Middle East have done so to protect against AI model attacks. Additionally, 38% of organisations have already adopted AI governance frameworks, with another 24% in the process of doing so.

Among those with governance policies, common practices include formal approval processes for AI deployment (45%), adversarial testing (44%), and the use of dedicated AI governance tools (43%).

Despite overall progress, the report warns of increased costs linked to specific vulnerabilities. Organisations with complex security environments saw an average additional cost of $234,200 (SAR867,000), while breaches involving Internet of Things (IoT) or Operational Technology (OT) systems added $226,730 (SAR839,000). Cybersecurity staffing shortages were also costly, raising breach-related expenses by $221,130 (SAR819,000) per incident.

The most common cause of breaches in the region was third-party vendor and supply chain compromise, accounting for 17% of incidents and costing an average of $7.99 million (SAR29.6 million). Denial-of-service attacks and phishing each represented 14% of breaches, while malicious insider attacks—though less frequent—were the most expensive, averaging $8.91 million (SAR33 million).

The report, compiled by the Ponemon Institute and sponsored by IBM, draws on data from over 600 breaches worldwide, including incidents in Saudi Arabia and the UAE, between March 2024 and February 2025.