AI cuts Middle East data breach costs by 18% to $7m

By Vriti Gothi

IBM has released its 2025 Cost of a Data Breach Report, revealing a notable decline in breach-related financial damages across the Middle East, with average costs dropping 18% to $7.1million. The report attributes this shift largely to increased adoption of AI/ML-driven cybersecurity, encryption, and DevSecOps practices, especially among financial institutions.

Despite the decline, the financial sector continues to top the breach cost leaderboard, with an average breach cost of SAR 34 million, followed closely by the energy and industrial sectors at SAR 32 million. Lost business remained the biggest contributor to overall costs, averaging SAR 11.63 million per breach, a significant blow to brand reputation and customer trust.

As digital finance players scale rapidly across the region, AI governance and proactive security investments have emerged as top priorities. According to the report:

• 38% of Middle East organisations have formal AI governance policies in place.

• Another 24% are developing policies, with a focus on deployment approvals (45%), adversarial testing (44%), and AI governance tech (43%).

This proactive stance stands in contrast to global benchmarks, especially around AI system access controls, where 41% of Middle Eastern firms have protections in place versus just 3% globally.

For FinTechs operating in high-risk environments or managing vast digital ecosystems, the report provides further caution. Security system complexity, IoT/OT integrations, and talent shortages were cited as significant cost amplifiers, each adding upwards of SAR 800,000 to average breach figures.

Fintechs relying on API integrations and third-party service providers should note that third-party vendor and supply chain compromises were the leading attack vector, accounting for 17% of breaches with an average cost of SAR 29.6 million.

Other major threats include:

• Phishing attacks (14% of cases, SAR 28 million average cost)

• Denial of Service (DoS) attacks (14%, SAR 27.2 million)

• Malicious insiders (11%, but highest cost at SAR 33 million)

The findings reinforce a growing trend across regional FinTechs that strategic investments in AI-driven security infrastructure and governance frameworks are paying off. However, with evolving threats, firms must continue balancing innovation with robust oversight and response capabilities.

The IBM 2025 Cost of a Data Breach Report is based on real-world breach data from over 600 organizations globally — including financial entities across Saudi Arabia and the UAE and was conducted by Ponemon Institute, sponsored and analyzed by IBM.