Over 60% CISOs in UAE, Saudi Arabia voice concerns over cyber resilience preparedness Over 60% CISOs in UAE, Saudi Arabia voice concerns over cyber resilience preparedness
Now Reading
Over 60% CISOs in UAE, Saudi Arabia voice concerns over cyber resilience preparedness

Over 60% CISOs in UAE, Saudi Arabia voice concerns over cyber resilience preparedness

New research from Trellix highlights the critical resource gaps reported by two in three CISOs surveyed across the UAE and Saudi Arabia


Despite a continued increase in cybersecurity spending in the region, organisations in the UAE and Saudi Arabia remain ill-equipped to face down the cyber-menace. This was the key finding in a global report released by Trellix, the cybersecurity company.

End-of-decade compound annual growth rate for the GCC cybersecurity market have been revised upwards, from 5.9 per cent in 2017 to as high as 7.6 per cent last year.

While this is an illustration of heightened interest in security matters at the board level, Trellix’s ‘Mind of the CISO report shows that two thirds (66 per cent) of chief information security officer’s (CISOs) in the UAE and Saudi Arabia still believe their organisations lack the right people and processes to be cyber resilient and almost three quarters (74 per cent) believe their current technology setup is insufficient.

The research — which was conducted by Vanson Bourne across nine countries and surveyed 500 CISOs at companies with more than 1,000 employees — found that when it came to challenges around people, more than one in four CISOs in the UAE and Saudi Arabia (26 per cent) decried the lack of skilled talent, as well as their inability to recruit and retain this talent.

Meanwhile, more than one in five (22 per cent) were concerned about a lack of buy-in from their board, and 30 per cent cited lack of buy-in from other parts of their organisation.

From a process standpoint, around 38 per cent of CISOs in the UAE and Saudi Arabia said they lacked the freedom to communicate outside of their organisation for learning purposes. A further 38 per cent expressed frustration with their inability to respond quickly to changing regulatory frameworks and 18 per cent said their processes were poorly designed or they were presented with too many sources of information to be adequately in control of their environment.

“The United Arab Emirates and Saudi Arabia rank consistently high on global maturity indexes for cybersecurity,” said Khaled Alateeq, head of Middle East, Trellix.

“This is because government entities have done a great job in laying out cybersecurity guidelines and regulations and introducing a wide array of skilling initiatives and incentives to attract top talent to the region. Now it is incumbent upon organisations to answer the call and support their CISOs. Our recent Mind of the CISO research is quite clear on what would make life easier for CISOs in the UAE and Saudi Arabia.”

When asked for suggestions on how their enterprise’s senior leadership could help them overcome their challenges, half of CISOs in the UAE and Saudi Arabia said better engagement from such stakeholders would be a good start.

And 38 per cent said better understanding from the rest of the organisation on issues of cybersecurity would help, with 32 per cent calling for a strong support team to assist in their defense efforts.

But predictably, technology continues to be the largest stumbling block between the regional CISO and their ideal threat posture. While two thirds (66 per cent) said people and processes are holding them back from being cyber-resilient, nearly three in four (74 per cent) — a whopping 25 percentage points higher than the global average — said the same of technology.

The report showed further evidence that the strategy of multiple point solutions is out of date. When asked about their experiences with their current security tools and platforms, 38 per cent described them as outdated, 30 per cent said there were too many, and 34 per cent said they did not work well together. Almost all (92 per cent) of those polled across the two Gulf nations said their organisation was using anywhere between 11 and 35 separate tools.

“What comes across most in this study is not the lack of investment,” Alateeq added. “There are plenty of signs that commitments in this regard are on the rise, including the fact that only 36 per cent of respondents cited budget and resource challenges. What emerges here is more of a misdirection of investment. We must ensure the right people and processes are in place for sure. But it is worrying is that amid all the budget increases, we are not yet seeing the right tech in place.”

Alateeq continued: “CISOs are telling us plainly that ‘more solutions’ is not the answer. They need a platform approach that is open and capable of learning and adapting to build a proactive defense. CISOs and their teams must be able to see, protect, and resolve.

They must be able to maximise visibility and peer into every corner of the enterprise. They must be able to have coverage of every asset and be equipped with unrivaled discovery speed when picking up on potential threats. And they must be able to automate their response across this connected security ecosystem to keep their organisation from becoming the latest victim of the threat landscape.”

Read: How cybersecurity can be a powerful shield against threat actors

Also read: Attention CISOs: Getting buy-in requires a solid business case

You might also like


Scroll To Top