RECENT confirmations of data breaches at major companies like Toyota Motor Philippines and Robinsons Land Corp., currently under investigation by the National Privacy Commission, underscore the escalating threat of cyberattacks in the country.
These incidents follow a series of significant breaches in recent months, including the massive Jollibee Foods Corp. breach affecting millions of customers, and attacks on government agencies, emphasizing the urgent need for enhanced data security measures across all sectors.
A new report from IBM sheds light on the escalating costs associated with these breaches, both globally and within the ASEAN region.
The 2024 IBM Cost of a Data Breach Report reveals that the average cost of a data breach in the ASEAN region has reached a record high of $3.23M, a 6 percent increase from the previous year. In the Philippines, as in other ASEAN countries, critical infrastructure organizations and financial services companies are particularly vulnerable, experiencing the highest breach costs.
“Disruption is the new cost of insecurity, and security is becoming the new cost of doing business. The 2024 report shows the extent and cost of business disruption caused by data breaches, which can even lead to a complete business shutdown. As the collateral damage from data breaches intensifies, lost business and post-breach customer response costs drove the annual spike,” Catherine Lian, General Manager, IBM ASEAN said in a press statement.
The financial impact of data breaches extends far beyond the immediate costs of incident response and recovery. Lost business, operational downtime, and damage to customer relationships contribute significantly to the overall cost. In the ASEAN region, the cost of lost business has jumped nearly 31 percent year-on-year, driving the overall increase in breach costs. Additionally, the report highlights the disruptive effects of breaches, with many organizations experiencing significant business interruptions and prolonged recovery times.
The report also explores the role of AI and automation in both mitigating and exacerbating the risks of data breaches. While the use of AI and automation can help organizations shorten the breach lifecycle and reduce costs, these technologies also expand the attack surface and present new challenges for security teams.
Key findings for the ASEAN region firstly involve data visibility gaps with data stored across multiple environments, including public and private clouds, are the most expensive and take the longest to identify and contain. Second, cloud migration, IoT/OT environments, and security system complexity are among the top factors driving up breach costs. Third, the high process-related costs, including lost business, post-breach customer response, and notification costs have all increased significantly compared to the prior year.
Not surprisingly, at 16 percent, phishing remains the most common initial attack vector, followed by stolen or compromised credentials and business email compromise. It represents an average total cost of $3.39M per breach. Followed by stolen or compromised credentials ($3.12) and business email compromise ($3.46M), accounting for 13 percent of incidents each. Attacks using zero-day vulnerability were the most expensive entry point ($3.62) at 9 percent of breaches studied.
IBM recommends that engaging law enforcement can help ransomware victims avoid paying ransoms and reduce breach costs. Sixty-three percent of ransomware victims who involved law enforcement were also able to avoid paying a ransom.
The IBM report underscores the urgent need for organizations in the Philippines and across the ASEAN region to prioritize cybersecurity and invest in proactive security measures. As the threat landscape continues to evolve, businesses must adopt a comprehensive approach to security that includes AI-driven defenses, robust incident response plans, and ongoing employee training. By taking these steps, organizations can better protect themselves from the growing financial and operational risks associated with data breaches.
“The stakes are higher than ever in the AI era. While generative AI can help address the skills shortage in today’s landscape where security teams are understaffed, it is also being used to create and launch attacks at scale. Security can no longer be an afterthought. ASEAN companies need to invest in AI-driven defenses to stay ahead and harness the potential of these technologies, ensuring business continuity and protecting their customers,” Lian concludes.
