Organisations in the UAE and Saudi Arabia are still inadequately prepared to confront the threat of cyber-attacks, according to a recent report.
This comes despite continued increase in cybersecurity spending in the region.
According to a global report released by Trellix, the GCC cybersecurity market’s end-of-decade compound annual growth rates (CAGRs) have been revised upwards, from 5.9 percent in 2017 to as high as 7.6 percent in the last year, indicating increased interest in security matters at the board level. However, according to Trellix’s “Mind of the CISO” report, 66 percent of CISOs in the UAE and Saudi Arabia still believe that their organisations lack the necessary people and processes to be cyber-resilient, and 74 percent think their current technology setup is insufficient.
Skills gap and lack of processes
The research conducted by Vanson Bourne found that over one in four CISOs in the UAE and Saudi Arabia (26 percent) were dissatisfied with the lack of skilled talent and their inability to recruit and retain it. Additionally, 22 percent were concerned about a lack of buy-in from their board, and 30 percent cited a lack of buy-in from other parts of their organisation.
Regarding processes, 38 percent of CISOs in the UAE and Saudi Arabia stated that they lacked the freedom to communicate outside of their organisation for learning purposes. Another 38 percent expressed frustration with their inability to respond quickly to changing regulatory frameworks, and 18 percent felt that their processes were poorly designed, or they were presented with too many sources of information to adequately control their environment.
“The UAE and Saudi Arabia rank consistently high on global maturity indexes for cybersecurity,” said Khaled Alateeq, Head of Middle East, Trellix.
“This is because government entities have done a great job in laying out cybersecurity guidelines and regulations and introducing a wide array of skilling initiatives and incentives to attract top talent to the region. Now it is for talent but incumbent upon organisations to answer the call and support their CISOs. Our recent Mind of the CISO research is quite clear on what would make life easier for CISOs in the UAE and Saudi Arabia.”
The need for a top-down approach
When asked for suggestions on how their enterprise’s senior leadership could assist them in overcoming their challenges, 50 percent of CISOs in the UAE and Saudi Arabia stated that better engagement from such stakeholders would be a good start. Meanwhile, 38 percent said that greater understanding from the rest of the organisation regarding cybersecurity issues would help, and 32 percent called for a robust support team to assist them in their defense efforts.
However, technology continues to be the most significant barrier between regional CISOs and their desired threat posture. While two-thirds (66 percent) of respondents believe that people and processes are hindering them from achieving cyber resilience, a staggering 74 percent said the same of technology. This figure is 25 percentage points higher than the global average.
The report further revealed that the strategy of employing multiple point solutions is outdated. When asked about their current security tools and platforms, 38 percent of respondents described them as outdated, 30 percent felt that there were too many, and 34 percent said that they did not work well together. Additionally, almost all (92 percent) of those polled across the two Gulf nations said that their organisation was using anywhere between 11 and 35 separate tools.
According to Alateeq, the study’s findings reveal a misdirection of investment, rather than a lack of investment. While budget and resource challenges were only cited by 36 percent of respondents, there is a crucial need to ensure that the right people and processes are in place.
“But it is worrying is that amid all the budget increases, we are not yet seeing the right tech in place,” explained Alateeq.
Alateeq continued: “CISOs are telling us plainly that ‘more solutions’ is not the answer. They need a platform approach that is open and capable of learning and adapting to build a proactive defense. CISOs and their teams must be able to see, protect, and resolve. They must be able to maximize visibility and peer into every corner of the enterprise. They must be able to have coverage of every asset and be equipped with unrivaled discovery speed when picking up on potential threats. And they must be able to automate their response across this connected security ecosystem to keep their organisation from becoming the latest victim of the threat landscape.”
