The majority of chief information security officers (CISOs) rank cybercriminals as one of the biggest risks they currently face, according to a new KPMG study.
The first-ever ‘UAE CISO survey 2020’ report highlights key cybersecurity-related challenges faced across sectors, based on inputs from UAE-based CISOs.
According to the KPMG study, 2020 has seen a significant increase in malware and ransomware attacks – for CISOs, phishing is considered the biggest threat (88%), followed by malware (56%) and ransomware (53%).
As cyber threats increase, it is key for CISOs to be prepared in the event of a cyberattack; however, 60% of respondents currently do not perform cyberattack simulation exercises.
CISOs are not the only members of the C-suite to be concerned about cybersecurity. More than a third of those surveyed (39%) stated that minimising the impact of a cyberattack on the availability of customer or citizen services is a concern for their organisation’s board, with 24% being concerned about the theft of customer data. Two-thirds of CISOs (67%) believe managing and protecting customer data is as important as delivering a product or service.
Tim Wood, Partner, Head of Cyber at KPMG Lower Gulf, said: “In the COVID-19 pandemic era, UAE-based organisations are finding their cybersecurity strategies tested by new threats and vulnerabilities not previously considered by CISOs. As they respond to these unprecedented challenges, CISOs are likely to adopt new ways of working, embedding the cybersecurity function into the product and project lifecycle from the start, by implementing security and privacy by design.”
Addressing the new cybersecurity landscape
Cybersecurity spending has increased in recent years and UAE CISOs predict the trend will continue: 79% of CISOs have seen their cybersecurity spend increase over the past two years. As adoption of new technologies and digital platforms accelerates, so too will the cyber threat; 90% of CISOs expressed confidence in introducing cloud technologies and 44% are confident their organisation can effectively respond to cybersecurity incidents.
Looking to the future, the KPMG study notes that addressing existing and potential skill gaps would be a key success factor in building internal cybersecurity teams, a key priority for UAE CISOs. Detection capabilities – threat intelligence, security operations and incident response – are key areas where cybersecurity skills fall short.
In terms of skill shortage, 24% of CISOs identified a resource shortage in both DevSecOps (the combination of development software and IT operations) and data privacy.
Maliha Rashid, Director, Head of Data Privacy at KPMG Lower Gulf, added: “In 2020, the UAE’s CISOs tackled multiple challenges: managing the effects of the COVID-19 pandemic, accelerated adoption of cloud, remote working and an evolving compliance landscape. Going forward, successful CISOs need to be adaptive and augmented, supporting digitalisation in their organisations, while maintaining an acceptable cybersecurity posture and striving for compliance with regulations in a cost-effective manner.”
Significant findings of the report
According to the survey findings, 47% of organisations in the UAE believe cyber criminals to be one of the biggest threats. In fact, for 39% of organisations, minimising the impact of a cyberattack on the availability of customer or citizen services is a concern. 94% of CISOs believe protecting customer data is vital in gaining consumer trust. Yet only 23% of respondents have embedded security and privacy by design into their waterfall and agile project methodology. 44% of respondents do not conduct a cost-benefit analysis when deciding how cyber risk should be treated.