The average cost of a data breach for businesses in the Middle East has dropped significantly, according to IBM’s 2025 Cost of a Data Breach Report. The study found that companies in the region faced an average loss of SAR 27 million per breach this year, down 18% from SAR 32.8 million in 2024.
The annual report, conducted by the Ponemon Institute and sponsored by IBM, analysed over 600 real-world breaches globally between March 2024 and February 2025. It included organizations based in Saudi Arabia and the UAE, providing insights into evolving cybersecurity dynamics in the region.
IBM attributed the decline in breach-related losses to increasing adoption of advanced technologies such as artificial intelligence, machine learning, encryption, and DevSecOps frameworks. These were the top three factors found to have helped reduce financial impact for local businesses.
Saad Toma, General Manager of IBM Middle East and Africa, welcomed the findings as a sign of progress in the region’s digital resilience. “It is encouraging to see a meaningful decline in the cost of data breaches in the Middle East this year,” he said. “It is no coincidence that a region with some of the world’s boldest AI ambitions is also seeing less costly breaches.”
He added, “As attackers grow more sophisticated, continued investment in AI-driven security tools, security talent, and AI governance will be essential to sustain this progress.”
Despite the decline in average costs, lost business remains the most significant financial impact of data breaches in the region, averaging SAR 11.63 million. This was followed by post-breach response costs at SAR 7.5 million, detection and escalation at SAR 6.55 million, and notification expenses at SAR 1.32 million.
Sector-specific costs remained elevated. The financial industry reported the highest average breach cost at SAR 34 million, closely followed by the energy and industrial sector at SAR 32 million.
The report also shed light on growing awareness around AI security. Some 41% of Middle Eastern organizations surveyed said they have implemented access controls to protect AI systems—far ahead of the global average of 3%.
Meanwhile, 38% of firms reported having formal AI governance policies in place, with another 24% in the process of developing them. These frameworks often include approval procedures for AI deployment, adversarial testing, and AI governance technologies.
However, the report highlighted several factors that continue to drive up costs. Security system complexity added an average SAR 867,000 per breach, while breaches involving IoT or operational technology environments added SAR 839,000. Security staff shortages were also a cost multiplier, adding SAR 819,000 on average.
The leading causes of breaches in the region this year were third-party vendor and supply chain compromises, accounting for 17% of all incidents with an average cost of SAR 29.6 million. Denial-of-service attacks and phishing were each responsible for 14% of breaches. Malicious insider threats, though less frequent, led to the highest average cost per breach at SAR 33 million.
IBM’s report underscores both the progress and persistent challenges facing cybersecurity in the Middle East—where digital transformation continues to accelerate alongside growing threats.
