PRESSR: IBM report: Data breach costs drop 18% in the Middle East, reaching SAR 27mln in 2025

Dubai, UAE – IBM IBM released its 2025 Cost of a Data Breach Report, revealing that the average cost of a data breach for businesses in the Middle East reached SAR 27.00 million. This represents a decrease of approximately 18% from SAR 32.80 million the year prior. According to the report, the top three factors that reduced breach costs for local businesses were AI/ML-driven insights, encryption and a DevSecOps approach.

In the Middle East, lost business remained the largest cost category in 2025, averaging SAR 11.63 million per breach. This was followed by post-breach response costs at SAR 7.50 million, detection and escalation at SAR 6.55 million, and notification costs at SAR 1.32 million. While overall breach costs have declined this year, these figures underscore the continued financial strain organizations face across the entire breach lifecycle — from discovery to containment.

Certain sectors continued to face significantly high breach costs in 2025. This year, the financial sector recorded the highest total breach cost reaching SAR 34.00 million, followed closely by energy and industrial at SAR 32.00 million.

“It is encouraging to see a meaningful decline in the cost of data breaches in the Middle East this year. It is no coincidence that a region with some of the world's boldest AI ambitions is also seeing less costly breaches. As organizations accelerate the adoption of AI-driven tools for security, they are improving their ability to detect and contain threats before they escalate. But as attackers grow more sophisticated, continued investment in AI-driven security tools, security talent, and AI governance tools will be essential to sustaining this momentum,” said Saad Toma, General Manager of IBM Middle East and Africa.

Other key findings in the 2025 IBM report for the Middle East include:

• Mitigating risks of AI model attacks – To reduce the risk of attacks on AI models, organizations in the Middle East are most commonly implementing access controls on AI systems (41%). By contrast, just 3% of breached organizations globally had such controls in place, highlighting the region’s more proactive approach to securing and governing AI.
• AI governance adoption – 38% of surveyed organizations reported having formal AI governance policies in place, with an additional 24% starting to develop them. For those with policies in place, the most common elements include strict approval processes for AI deployments (45%), adversarial testing (44%) and the use of AI governance technology (43%).
• Factors that increase costs – Organizations with security system complexity incurred an average additional cost of SAR 867,378. Breaches affecting IoT or OT environments added SAR 839,750, while security staff shortages raised costs by SAR 818,997 on average.
• Top initial attack vectors – The most common initial causes of data breaches in 2025 were third-party vendor and supply chain compromise, which account for 17% of incidents and carried an average cost of 29.60 million. Denial of service attacks and phishing each made up 14% of breaches, with average costs of SAR 27.20 million and SAR 28.00 million respectively. Malicious insider threats, while slightly less frequent at 11%, resulted in the highest average cost at SAR 33.00 million.

The 2025 Cost of a Data Breach Report analyzed real-world data breaches from over 600 organizations worldwide from March 2024 through February 2025, including organizations from Saudi Arabia and the United Arab Emirates. Conducted by Ponemon Institute and sponsored and analyzed by IBM, the Cost of a Data Breach Report has investigated nearly 6,500 data breaches over the past 20 years.

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.