Dubai / Emirates Business
Cyber-crime is not a new phenomenon, but it’s hitting the headlines as never before. According to PwC Middle East’s latest report, there is a renewed willingness among organizations to invest in security, with many organizations incorporating strategic initiatives to improve security and reduce risks. PwC Middle East’s Global State of Information Security survey 2016 compares survey results from over 300 Middle East companies to those in the rest of the world, and looks into how businesses are responding to rising cyber-risks.
Mike Maddison, PwC Middle East Partner, Cyber Services Leader & Head of Risk Assurance Services comments, “While companies in the region invest in security technology and protection such as cyber insurance, they are often not supported by the people, processes and governance required to provide real security. This can create a false sense of security, and our survey findings suggest that these challenges are only likely to increase. Given ever greater connectivity, technology convergence, as well as more assertive regulatory and legislative agendas, the sophistication required will continue to increase.â€
According to the report, businesses in the Middle East are more likely to have suffered an incident related to cybercrime, with 85% respondents in the region comparing to a global average of 79%. Around 18% of respondents in the region have experienced more than 5,000 attacks, compared to a global average of only 9% – which is higher than in any other region.
While 85% of companies in the Middle East have established a globally recognised security framework to tackle these attacks, the PwC report states other measures that
organizations need to actively focus on:
•It’s not just an IT issue, it’s a business issue: Digital is no longer the sole domain of IT and there are very real risks in allowing it to remain so: not just the risks of lost opportunity, but financial, commercial and reputational risks as well. Currently, less than 20% organisations have a strong awareness programme.
•It’s a board-level issue: The report suggests that digital should report directly to the Board, and the Board should see it as central to their oversight responsibilities. The report states that even if 24% of Middle Eastern companies have security strategies, less than 15% of boards are behind them, and many of these strategies are too narrowly defined.
•It’s an end-to-end issue: Many firms in the region still see cyber as solely audit or IT issues, however, it needs to be integrated into the company’s overall approach to security.