Now in its 17th year, the Cost of a Data Breach Report is more relevant than ever in securing data privacy and cybersecurity, as it offers a deeper understanding of these kinds of security risks by issuing key findings, impacts, and recommendations for different countries, organizations, and industries.
The global study — which was conducted by Ponemon Institute and published by IBM — is based on an in-depth analysis of real-world data breaches experienced by over 500 organizations including 25 organizations in ASEAN countries (countries in the study include Singapore, Indonesia, Philippines, Malaysia, Thailand, and Vietnam).
Globally, the study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, but in ASEAN, costs were declining at around 6% compared to the prior year. Although there is a decline in security incident costs, the average cost of a breach is still higher for organizations that had not undergone digital transformation (due to COVID-19) in the ASEAN countries mentioned above. The cost of a breach was USD 430,000 higher than average. On the other hand, compromised user credentials were the most common attack method used as an entry point by attackers, representing more than 20% of breaches studied in ASEAN.
Here are some more key findings of the Cost of a Data Breach Report in the ASEAN countries:
- Data breaches now cost companies in ASEAN USD 2.64 million (SGD 3.61 million as stated on the table) per incident on average, which is lower than the global average of USD 4.24 million
- In ASEAN, data breaches in financial affairs were most expensive by industry (USD 231 million), followed by transportation (USD 178 million) and technology (USD 172 million).
- Organizations in ASEAN that had not deployed/not started zero trust approach had an average data breach cost of USD2.29 million (SGD4.15 as on the table below) compared to those that had zero trust (depending on the level of maturity) was USD0.75 million lower.
- The average time to detect and contain a data breach was 307 days (223 to detect, 84 to contain) – which is 20 days longer than the prior year report for ASEAN.
- The average records breached were 19,802, and the average per record cost of data breach over 5 years is more than USD140 million per capita cost (SGD192 million per capita cost) in ASEAN.
- Comparing three levels of deployment, 29% of respondents had fully deployed security automation vs. 37% partially deployed and 34% not deployed in ASEAN this 2021.
- In ASEAN, a data breach lifecycle of less than 200 days produced a cost savings of nearly a third over a breach lifecycle longer than 200 days. A breach with a lifecycle over 200 days costs an average of USD 3.09 million (SGD 4.22 million) in 2021 vs. USD 2.19 million (SGD 2.99 million) for a breach with a lifecycle of less than 200 days. The gap of USD 0.9 million represents a difference of 29.1%.