A majority of chief information security officers (CISOs) rank cybercriminals as one of the biggest risks they currently face, according to a new KPMG study. The first-ever UAE CISO survey 2020 report highlights key cybersecurity-related challenges faced across sectors, based on inputs from UAE-based CISOs.
According to the KPMG study, 2020 has seen a significant increase in malware and ransomware attacks – for CISOs, phishing is considered the biggest threat (88%), followed by malware (56%) and ransomware (53%). As cyber threats increase, it is key for CISOs to be prepared in the event of a cyber-attack, however, 60% of respondents currently do not perform cyberattack simulation exercises.
CISOs are not the only members of the C-suite to be concerned about cybersecurity. More than a third of those surveyed (39%) stated that minimizing the impact of a cyber-attack on the availability of customer or citizen services is a concern for their organization’s board, with 24% being concerned about the theft of customer data. Two-thirds of CISOs (67%) believe managing and protecting customer data is as important as delivering a product or service.
Tim Wood, Partner, Head of Cyber at KPMG Lower Gulf, said: “In the Covid-19 pandemic era, UAE-based organizations are finding their cybersecurity strategies tested by new threats and vulnerabilities not previously considered by CISOs. As they respond to these unprecedented challenges, CISOs are likely to adopt new ways of working, embedding the cybersecurity function into the product and project lifecycle from the start, by implementing security and privacy by design.”
Addressing the new cybersecurity landscape
Cybersecurity spending has increased in recent years and UAE CISOs predict the trend will continue: 79% of CISOs have seen their cybersecurity spend increase over the past two years. As adoption of new technologies and digital platforms accelerates, so too will the cyber threat; 90% of CISOs expressed confidence in introducing cloud technologies and 44% are confident their organization can effectively respond to cybersecurity incidents.
Looking to the future, the KPMG study notes that addressing existing and potential skill gaps would be a key success factor in building internal cybersecurity teams, a key priority for UAE CISOs. Detection capabilities – threat intelligence, security operations, and incident response – are key areas where cybersecurity skills fall short. Next in terms of skill shortage, 24% of CISOs identified a resource shortage in both DevSecOps (the combination of development software and IT operations), and data privacy.
Other significant findings include:
• 47% of organizations in the UAE believe cybercriminals to be one of the biggest threats. In fact, for 39% of organizations, minimizing the impact of a cyberattack on the availability of customer or citizen services is a concern.
• 94% of CISOs believe protecting customer data is vital in gaining consumer trust. Yet only 23% of respondents have embedded security and privacy by design into their waterfall and agile project methodology.
• 44% of respondents do not conduct a cost-benefit analysis when deciding how cyber risk should be treated.