According to IBM’s 2025 Cost of a Data Breach Report, the average financial impact of a data breach on businesses in the Middle East fell to SAR 27 million this year — an 18% decrease compared to SAR 32.8 million in 2024. The report attributes this decline primarily to the adoption of AI/ML-powered threat detection, stronger encryption practices, and integrated DevSecOps strategies.
Despite the drop, lost business still accounted for the largest portion of breach expenses in the region, averaging SAR 11.63 million. Other major cost drivers included post-breach response (SAR 7.50 million), detection and escalation (SAR 6.55 million), and notification processes (SAR 1.32 million).
Sector-wise, financial services endured the highest breach costs in 2025 at SAR 34 million, followed by the energy and industrial sectors at SAR 32 million.
“The Middle East’s ambitious AI adoption is playing a key role in reducing breach costs,” noted Saad Toma, IBM’s General Manager for the Middle East and Africa. “However, as cybercriminals grow more sophisticated, it’s crucial to maintain investment in AI-powered security tools, skilled security teams, and robust AI governance.”
Other notable insights from the report include:
-
AI model protection: 41% of Middle Eastern organizations deploy access controls on AI systems to guard against model attacks — compared to just 3% of breached organizations globally.
-
AI governance: 38% of companies have formal AI governance frameworks, and 24% are developing them. Common measures include approval protocols for AI deployment (45%), adversarial testing (44%), and governance tech adoption (43%).
-
Cost-increasing factors: Complex security systems added an average of SAR 867K to breach expenses, IoT/OT breaches added SAR 839K, and security staffing shortages raised costs by SAR 819K.
-
Initial breach causes: The leading entry points in 2025 were third-party vendor or supply chain attacks (17%, SAR 29.6M average cost), denial-of-service attacks (14%, SAR 27.2M), phishing (14%, SAR 28M), and malicious insiders (11%), the latter carrying the highest average cost at SAR 33M.
The findings are based on real incidents from over 600 organizations worldwide between March 2024 and February 2025, with data from Saudi Arabia and the UAE included. The annual study, conducted by the Ponemon Institute and sponsored by IBM, has analyzed nearly 6,500 breaches globally over the past two decades.