In 2017, enterprises in these regions paid up to $1,5-million for incidents involving electronic data leaks from their internal systems, and more than $1-million for incidents affecting suppliers that they share data with.

Meanwhile, small and medium businesses (SMBs) lost $141 000 when employees used IT resources inappropriately and $118 000 when there was an incident affecting infrastructure hosted by a third party.

These are among the findings from a Kaspersky Lab study in partnership with B2B International, “IT Security: cost-center or strategic investment?”, which revealed the five IT security incidents that have the most severe financial impact on organisations in the Middle East, Turkey and South Africa.

Even though the cost of a cybersecurity incident is growing, the report shows that the proportion of IT budgets spent on IT security in the META region is declining: 62% of companies in the Middle East, Turkey and South African regions are investing in cybersecurity, which is 3% less than last year.

The average IT security budget for enterprises dropped from 23% of IT budgets to 19% in 2017. This is a concern for businesses, especially as it can be very costly for a business to recover from an IT security incident.

This year, large enterprises in the region paid an average of $591 000 per security incident, while SMBs faced an $88 000 bill per attack.

“Overspending on cybersecurity is not the way forward,” says Maxim Frolov, MD for the Middle East, Turkey and Africa at Kaspersky Lab. “Rather, it is important for organisations to choose the right security vendor that will correctly address their cybersecurity needs.

“However, threats in this part of the world are moving fast and the costs associated with cyber incidents are constantly rising. It is therefore becoming critical for organisations to invest in threat intelligence services, and combine these with the most appropriate security solutions that will mitigate potential harm.”