The cost of data breaches in UAE
We live in a world where the most crucial asset in the world is Data. With the increasing reliance on data for almost everything, it is only natural to understand why breaches happen. To put it into perspective, during the COVID-19 pandemic, the world experienced 3,950 data breaches in 2020.
While the United States has been the worst victim of data breaches, one of the countries facing massive data breaches is UAE. According to Mohamed al-Kuwaiti, head of UAE Government Cyber Security, the data breaches in the country went up by 250% in 2020.
What Losses Does a Company Suffer in Data Breach
Companies, businesses, and governments go the extra mile to secure their data from breaches and cyber attacks. Most of them use security practices for each SDLC stage to keep things cost-effective yet ensure high standards. However, when a security breach happens, the company has to suffer a massive financial blow and invest in a new security system. The following are the losses that a company suffers in a data breach:
● financial loss
● reputational damage
● operational downtime
● legal action
● loss of sensitive data
How Much Does a Data Breach Cost in UAE
According to a report from IBM, 59% of data breaches in the UAE and Middle east happen due to malicious attacks. Furthermore, for each file, the company suffers a loss of about $172 which is quite substantial when you factor in that thousands of files are leaked. So what exactly are the costs involved in a data breach in the UAE? Here are the costs per record/file for a specific data type in the UAE:
Customer PII – $175
Anonymized Customer Data – $171
Employee PII – $163
Intellectual Property – $151
Other Corporate Data – $150
Based on these, some industries have been hit the hardest while some have been able to get by just fine. The worst-hit industry is the Healthcare industry which incurs the highest cost per record lost at $188. Next in line was the financial sector, which averaged at $178 per record lost, while the technology industry found saving grace at $173 per record lost.
Hacking and malicious attacks have caused the maximum damage, and they take the most time to be detected. The study from IBM established a relationship between the time taken to see an attack and its cost to the company. Some of the factors that have the highest impact on data breach costs are:
● third-party data processing
● extensive cloud migration
● lack of understanding of compliance procedures
● use of mobile platforms
● lack of multi-factor authentication (MFA)
● access to SaaS applications
● delays in security patching
The results have revealed that it took 214 days on average to identify the attack and then an additional 77 days to resolve and resume normalcy finally. For the UAE healthcare industry, it took 329 days to identify, rectify and achieve normalcy, while the financial sector needed just 233 days. Furthermore, the number of records that need to be reached to call it a data breach has climbed to 287. It was at 200 in 2020 otherwise.
On average, if the attack was detected within 100 days of the breach, it costs $4.2 million in 2021, up from 2020 when it costs $2.8 million. In 2020, if the attack were identified in 200 days, it would cost $3.8 million, which has increased to $5.4 million in 2021.
Due to COVID-19, remote work has become another factor to take care of. And in cases where there was a data breach with remote work, it cost $1.07 million higher and 58 extra days than it should have for a typical working environment. This was at $400K in 2019 when work was done through offices.
Conclusion
The UAE is experiencing a surge of cyberattacks, and with financially motivated hacking, the number of data breaches is increasing at an alarming rate. Hence, it is best to ensure that security overhauls are done every year to stay on top of things like many organizations in the U.S.A. have adopted.