Dubai: Businesses in the Middle East are more likely to have suffered an incident related to cybercrime, according to a report by consulting firm PricewaterhouseCoopers.
85 per cent said of Middle East respondents said they have been attacked, compared to the global average of 79 per cent.
Around 18 per cent of respondents in the region have experienced more than 5,000 attacks, compared to a global average of only nine per cent — which is higher than in any other region.
The report states that companies, especially in the Middle East, often find it difficult to identify when an attack has taken place: many only discover it when third parties or clients report suspicious messages or requests for funds.
In 2015, 38 per cent more security incidents were detected in the Middle East than in 2014.
PwC Middle East’s Global State of Information Security survey 2016 looks at how the survey results from over 300 Middle East companies compare to those in the rest of the world, and how businesses are responding to rising cyber-risks.
“While companies in the region invest in security technology and protection such as cyber insurance, they are often not supported by the people, processes and governance required to provide real security. This can create a false sense of security, and our survey findings suggest that these challenges are only likely to increase,” said Mike Maddison, PwC Middle East Partner, Cyber Services Leader and Head of Risk Assurance Services comments.
Given ever greater connectivity, he said that technology convergence, as well as more assertive regulatory and legislative agendas, the sophistication required will continue to increase.
While 85 per cent of companies in the Middle East have established a globally recognised security framework to tackle these attacks, he said that there are other measures that organisations need to actively focus on.
Digital is no longer the “sole domain” of IT and there are very real risks in allowing it to remain so: not just the risks of lost opportunity, but financial, commercial and reputational risks as well. Currently, less than 20 per cent of organisations have a strong awareness programme.
The report suggests that digital should report directly to the Board, and the Board should see it as central to their oversight responsibilities. The report states that even if 24 per cent of Middle Eastern companies have security strategies, less than 15 per cent of boards are behind them, and many of these strategies are too narrowly defined.
He said that many firms in the region still see cyber as solely audit or IT issues, however, it needs to be integrated into the company’s overall approach to security.
High-profile breaches have highlighted the need for cybercrime to be managed in the same way as any other threat to “business continuity”, and owned at Board level. This means detailed planning, scenario exercises, response management and crisis preparedness, involving a wide range of functions such as Legal, HR, Forensic, Risk and Communications.
“Companies in the Middle East need not just the right technology, properly adapted to their business, but the right people, the right governance structures, and the right processes. Cyber is an end-to-end challenge and it needs an end-to-end response,” he added.