Dubai – MENA Herald: Cyber-crime is not a new phenomenon, but it’s hitting the headlines as never before. According to PwC Middle East’s latest report, there is a renewed willingness among organizations to invest in security, with many organizations incorporating strategic initiatives to improve security and reduce risks. PwC Middle East’s Global State of Information Security survey 2016 looks at how the survey results from over 300 Middle East companies compare to those in the rest of the world, and how businesses are responding to rising cyber-risks.
Mike Maddison, PwC Middle East Partner, Cyber Services Leader & Head of Risk Assurance Services comments, “While companies in the region invest in security technology and protection such as cyber insurance, they are often not supported by the people, processes and governance required to provide real security. This can create a false sense of security, and our survey findings suggest that these challenges are only likely to increase. Given ever greater connectivity, technology convergence, as well as more assertive regulatory and legislative agendas, the sophistication required will continue to increase.”
According to the report, businesses in the Middle East are more likely to have suffered an incident related to cybercrime, with 85% respondents in the region comparing to a global average of 79%. Around 18% of respondents in the region have experienced more than 5,000 attacks, compared to a global average of only 9% – which is higher than in any other region.
The report states that companies, especially in the Middle East, often find it difficult to identify when an attack has taken place: many only discover it when third parties or clients report suspicious messages or requests for funds.
While 85% of companies in the Middle East have established a globally recognised security framework to tackle these attacks, the PwC report states other measures that organizations need to actively focus on:
It’s not just an IT issue, it’s a business issue: Digital is no longer the sole domain of IT and there are very real risks in allowing it to remain so: not just the risks of lost opportunity, but financial, commercial and reputational risks as well. Currently, less than 20% organisations have a strong awareness programme.
It’s a board-level issue: The report suggests that digital should report directly to the Board, and the Board should see it as central to their oversight responsibilities. The report states that even if 24% of Middle Eastern companies have security strategies, less than 15% of boards are behind them, and many of these strategies are too narrowly defined.
It’s an end-to-end issue: Many firms in the region still see cyber as solely audit or IT issues, however, it needs to be integrated into the company’s overall approach to security.
High-profile breaches have highlighted the need for cyber-crime to be managed in the same way as any other threat to business continuity, and owned at Board level. This means detailed planning, scenario exercises, response management and crisis preparedness, involving a wide range of functions such as Legal, HR, Forensic, Risk and Communications.
Companies in the Middle East need not just the right technology, properly adapted to their business, but the right people, the right governance structures, and the right processes. Cyber is an end-t0-end challenge and it needs an end-to-end response.