Cybersecurity requires collaboration, private sector incentives: SAMENA Telecom Council CEO

At the recent Global Cybersecurity Forum in Riyadh, Bocar Ba, CEO of the SAMENA Telecommunications Council, outlined a comprehensive vision for global cybersecurity that extends far beyond technology. In this interview with Neesha Salian, editor of Gulf Business, Ba discussed how the forum has evolved from a purely technical cybersecurity discussion five years ago to encompass cyber safety, cyber economics, cyber diplomacy, cyber crime, and cyber defense.

Ba emphasised that cybersecurity is fundamentally about interdependency rather than common interest, requiring meaningful engagement where all stakeholders — governments, private sector and developing nations — benefit from collaboration. He stressed that the weakest links in the global system, often found in developing countries experiencing rapid digital transformation, pose risks to the entire interconnected infrastructure.

With cyber breaches costing trillions of dollars and most attacks originating from network edges rather than core infrastructure, Ba called for standardisation, capacity building, investment in human capital, and a new generation of cyber diplomats to address these challenges through frameworks that provide visibility for the next 20 to 30 years.

Here are excerpts from the discussion.

How has the Global Cybersecurity Forum evolved since its launch?

The forum’s scope has widened significantly year by year based on the relevance of the subject, becoming a truly global platform. Five years ago, when we started conversations with speakers and the audience, it was purely about cybersecurity. Now it has expanded to encompass not only cyber safety, but also cyber economics, cyber diplomacy, cyber crime, and cyber defense. It has transformed from a purely technical issue into a global issue that affects economics and geopolitics.

What does the SAMENA Telecommunications Council bring to the cybersecurity conversation?

When we speak about cybersecurity, we usually think about technology and innovation, and protecting consumers, enterprises, and nations. But being mindful about this subject is the prerogative of governments and international organisations, including civil society.

All these aspects and discussions require unlocking access to capital to make it happen. When you look at the distribution of roles of different stakeholders, yes, it’s valid to talk about security at large, but someone has to fund it — and that is the role of the private sector. The question is: what does the private sector get out of it?

What is the private sector’s role in cybersecurity, and what challenges exist in securing their engagement?

The private sector in its role is led by business profits and sustainability. It’s the role of government to protect people, enterprises, and nations — that is not the role of the private sector. The private sector brings technology, innovation, and wants to do business.

We’ve all acknowledged that cybersecurity is a concern of everyone across the value chain, but each party needs to get something out of it. When a government succeeds in having a solid foundation, solid framework, and solid environment about cybersecurity, they have fulfilled their KPI. But for the private sector, addressing cybersecurity might be an obligation, but they have no incentive.

That’s why when we talk about collaboration, I advocate not for sympathy or empathy — I advocate for engagement, meaning each party needs to get something out of it. It’s important for the private sector to get something, and when I’m saying get something, it’s not on a very selfish base. Cybersecurity could be a business case for making money.

We need to have a dialogue, put everything on the table, and see how each party can benefit. We could be sitting on different sides of the table and have joint objectives — you get something, I get something. This is what we have to define to make it meaningful.

What are the main challenges impeding seamless collaboration on cybersecurity?

The key challenge is that cybersecurity is perceived as a technological issue, but it’s not only a technological issue. I think we need to build capacity — this is very important. Advocacy, spreading the gospel at every single layer. Because the way we address it today, we only speak to one stakeholder.

We’re talking about people and populations, but cybersecurity is also a concern for enterprises. Why? The infrastructure that we have — it could be a power plant, an airport, a hospital. But you’re very well aware of the massive arrival of the internet of things. Cybersecurity is also about objects. Therefore, it’s not only people and consumers, not only children for cyber safety, not only companies and infrastructure, but also objects.

What we’re facing today is, if we want to address the issue properly at all layers, we have to work on the standardisation of the equipment that will be connected on the network. This is very important.

Why is focusing on developing nations critical to global cybersecurity?

There is a race, with very advanced nations presenting and displaying what has been done and their success stories. But if we acknowledge that cybersecurity is based on a system where we are all interconnected, the weakest point could corrupt the entire system beyond borders. Therefore, competence and capacity building is not only about the strongest nations — we need to equip the weakest nations. I’m talking about the developing countries.

It’s very important to develop capacity building. The entire market today, if you look at the growth, is across Asia, Middle East, and Africa. These nations where we see digital transformation happening, with huge percentages of growth, they are the weakest in terms of competence. If we have a breach of security in those nations, it can affect all the other nations.

These are elements that should be taken into consideration. It’s not only having the most advanced technology or the most advanced system, but where do we have the weakest point where the breach can happen? We talk about inclusivity — G20 this year will be about inclusivity.

Inclusivity means including also the weakest link in the system.

Where do most cyber attacks originate from in network infrastructure?

We see most of the cyber attacks are not happening from the core network — it is happening from the edge. This is where we don’t have standardisation, and we need to address interoperability and a number of technical issues.

As technologists, we used to have this natural mistake — we always want to leapfrog, we always want to be more and more advanced. As you know, the core infrastructure now, we talk about 5.5G, we are even starting the discussion on 6G, which will be bringing more and more challenges. So it’s important to have a trusted foundation because we are in an era of massive growth.

How does interdependency shape the cybersecurity conversation?

You rightly mentioned digital development is affecting every single aspect of our life. Digital becomes the platform of our life whether we talk about digital identity, hospitals, education, we’ve seen that during Covid-19. So it is central to our life. Therefore, it’s extremely important to have a solid digital infrastructure.

The discussion centers on how we ensure this infrastructure is solid. What’s critical to understand is the interdependency at all layers —and interdependency is stronger than common interest. Common interest can be selfish, but interdependency means we need each other to survive. This interdependency drives us toward negotiation and discussion.

What role does cyber diplomacy play in addressing cybersecurity challenges?

This is where I believe cyber diplomacy is an important subject. Why? Because we need to use the power of diplomacy with the clarity of data. The evidence — the cost of cyber breach is today measured in terms of trillions of dollars.

At a leadership level, I believe cybersecurity needs to be brought in terms of discussion at a leadership level. Private sector to the CEO level, government even to the presidential level. So we need to have leadership. And leadership is about discussing with the other nations, the other frontiers. So I believe cyber diplomacy is a very, very important subject to be addressed. Having a new generation of cyber diplomats is important.

I don’t want to use the term “cyber” because it brings us back to technology and technicalities. But today, the key and most important point is collaboration.

How should collaboration be structured and measured?

Collaboration has to be framed. You cannot say collaboration and put a full stop. What kind of collaboration? It has to be defined. We need to have some commitment. We must be able to develop some new index to be able to understand exactly where we are. What have we said last year? What have we done this year? Where are we? And measure the progress.

Plus, investment in human capital — this is extremely important.

What is your message about cybersecurity education?

The same way today, every single one of our children, when they go out, we tell them, be careful, stay safe. The same way in the digital world, we have to use the same terminology: be careful, stay safe. So education, education, education. And this is important. It touches upon the point of cyber safety for child online protection as well.

Again, the key reason for challenges is ignorance, lack of knowledge, lack of education. If we want to connect the unconnected, we need to have the infrastructure ready. Therefore, the discussions we are having now are about much more cyber diplomacy, cooperation between different nations. How can we improve that? How can we make sure that being a safe country means having a safe neighbourhood? So from one neighborhood, you move to another neighborhood, having an entire safe ecosystem.

As technology development is advancing, opportunities are appearing, but we are facing new cybersecurity challenges.

What makes the SAMENA Telecommunications Council an effective platform for addressing sensitive cybersecurity issues?

Through the platform we have now and being recognised as a very meaningful convening platform, my key role is to bring on the table a subject that nobody wants to discuss because there are so many sensitivities in this subject. But it has to be discussed. Until and unless we put those challenges on the table, it won’t be discussed. Hence, it won’t be solved.

So number one is setting the right agenda for the different stakeholders to discuss. Setting also the right level of priorities.

What are the council’s priorities for the coming months?

The more we advance in technology development, the more we need investment. And once again, this is very important: private sector needs to be incentivised, not only for the sake of profitability, because the use of the profits could be reinvested in the digital economy. But we cannot keep asking only one side to make the effort.

Cybersecurity capacity building costs a lot of money. Digital transformation costs a lot of money. Private sector is not looking for profitability today, it is looking for sustainability and predictability.

We need to sit down — government, private sector, inspired by the academia, and centering the whole discussion around the consumer, the customer, and the people — and make sure that we can build together with engagement and commitment a roadmap for the next 20 to 30 years where we have visibility. So this is where we can have a plan that will engage transparent consultation, that will engage all the stakeholders, and we can work hand in hand together. This is what I’m trying to build through the council.

How does globalisation factor into the council’s work?

We need to integrate one important factor: globalisation. Today in a country — in Saudi Arabia, in UAE, Qatar — we have no problem as stakeholders. But there is a new stakeholder: the nations. So we want to widen the G20 to the G21. We want to increase the size of the market. We are talking about having one market, for example, in Africa. If we have one market, we have to make sure that decisions are not fragmented. Frameworks are unified. Then we can scale and have one market. These are the challenges that we will be addressing very soon.

How do you ensure that growth in digital infrastructure is managed securely?

We have to ensure that the infrastructure is robust, solid, and resilient. And if we have that, it will take us to mass adoption, especially with the developing nations, the new generation, new equipment. And mass adoption means another exponential growth. Therefore, we need to look at it all with the same level of priority. It’s not “we are strong, we are secure today on site A, and we will look after site B tomorrow”. It has to be done at the same time.