IBM has released its 2025 edition of the Cost of a Data Breach Report, revealing that the average cost of a data breach in the Middle East declined to $7.29m (SAR27m). This marks a notable 18% drop from $8.86m (SAR32.80m) the previous year. According to the report, the reduction was largely due to increased adoption of AI/ML-driven insights, strong encryption, and a DevSecOps approach.
Lost business remained the most significant contributor to breach costs in the region, averaging $3.14m (SAR11.63m) per incident. This was followed by post-breach response costs at $2.03m (SAR7.50m), detection and escalation at $1.77m (SAR6.55m), and notification costs at $356,400 (SAR1.32m).
The financial sector recorded the highest breach costs in 2025, reaching $9.18m (SAR34m), followed closely by the energy and industrial sectors at $8.64m (SAR32m). These figures highlight the continued financial exposure that organisations face across the entire breach lifecycle.
“It is encouraging to see a meaningful decline in the cost of data breaches in the Middle East this year. It is no coincidence that a region with some of the world’s boldest AI ambitions is also seeing less costly breaches. As organisations accelerate the adoption of AI-driven tools for security, they are improving their ability to detect and contain threats before they escalate. But as attackers grow more sophisticated, continued investment in AI-driven security tools, security talent, and AI governance tools will be essential to sustaining this momentum,” said Saad Toma, general manager of IBM Middle East and Africa.
According to the report, 41% of surveyed organisations in the Middle East have implemented access controls on AI systems to mitigate risks of AI model attacks—compared to just 3% globally. This indicates a proactive regional approach to AI security and governance.
AI governance frameworks are also gaining traction, with 38% of organisations already having policies in place and another 24% developing them. Among those with formal governance, the most common practices include strict approval processes for AI deployments (45%), adversarial testing (44%), and the adoption of AI governance technologies (43%).
On the cost side, organisations with complex security environments saw an average increase of $234,200 (SAR867,378) in breach-related costs. Breaches involving IoT or OT systems added $226,730 (SAR839,750), while cybersecurity staffing shortages led to an additional $221,130 (SAR818,997) per incident.
Third-party vendor and supply chain compromises emerged as the most common initial breach vector, accounting for 17% of incidents, with an average cost of $7.99m (SAR29.60m). Denial-of-service attacks and phishing each represented 14% of cases, with costs averaging $7.34m (SAR27.20m) and $7.56m (SAR28m) respectively. Malicious insider attacks, though less frequent at 11%, had the highest cost at $8.91m (SAR33m).
The 2025 Cost of a Data Breach Report draws on analysis of over 600 breaches globally, including organisations in Saudi Arabia and the UAE, between March 2024 and February 2025. Conducted by Ponemon Institute and sponsored by IBM, the report is based on over two decades of research and data from nearly 6,500 real-world breaches.