IBM Security’s annual Cost of a Data Breach Report reveals that Security AI is a leading measure in mitigating the rising risks of data breaches today. In 2023, the average cost of a data breach in ASEAN countries, including the Philippines, reached a record $3.05 million, a 6% increase year-to-year.
Globally, only one-third of global breaches were detected by an organization’s own security team, compared to 27% that were disclosed by an attacker holding stolen data for ransom. This is a practice involving a type of malicious software called Ransomware, which locks up a user’s files. Attackers then promise to unlock these files in exchange for a payment. These types of breaches cost nearly $1 million more on average.
Ransomware ‘Discount Code’
Despite ongoing efforts by law enforcement to collaborate with ransomware victims, 37% of respondents still opted not to bring them in. Nearly half (47%) of studied ransomware victims reportedly paid the ransom, a decision that may only drive up incident costs and slow the response.
The report found that organizations often avoid engaging law enforcement during a ransomware attack, fearing it will complicate the situation. However, the IBM report found that not involving law enforcement led to higher breach costs—on average, $470,000 higher.
Breaching Across Environments
In ASEAN and the Philippines, nearly 38% of data breaches resulted in the loss of data across multiple environments, including public and private clouds and on-premises systems. These breaches, which impacted multiple environments, led to higher breach costs ($3.14 million on average). Public and private clouds are internet-based computing services, while on-premises systems are servers that are physically located within an organization.
Additional Key Findings
- Target Industries: Financial services and energy companies in ASEAN face the highest breach costs, with the financial sector paying nearly $4.81 million on average per breach.
- The DevSecOps Advantage: Globally, organizations with a high level of DevSecOps—a set of practices that involve the collaboration of development, security, and operations teams—saw a global average cost of a data breach nearly $1.7 million lower than those without this approach.
- Critical Infrastructure Breach Costs: Globally, critical infrastructure organizations experienced a 4.5% jump in the average costs of a breach compared to last year, increasing to $5.04 million.
AI and Automation: A Cost Saver
Organizations in ASEAN, including the Philippines, that extensively use security AI and automation have cut breach lifecycles by 99 days and reduced data breach costs by nearly $1.25 million. In simple terms, security AI uses machine learning to detect unusual patterns that might indicate a cyber threat, while automation involves using technology to perform repetitive security tasks, allowing human staff to focus on more complex issues.
“In 2023, the industry is reaching a tipping point in the maturity curve for AI in security operations where enterprise-grade AI capabilities can be trusted and automatically acted upon,” said Chris Hockings, Chief Technology Officer of IBM Security, Asia Pacific. “This will unlock tangible benefits for speed and efficiency, which are desperately needed in today’s business landscape.”