With organisations throughout the world facing an uncertain future as a result of the pandemic’s disruption, the anticipated consequences of climate change, and a shifting geopolitical landscape, digital transformation has risen to the top of business agendas in practically every industry.
However, according to recent Mimecast research, IT decision-makers in the UAE and Saudi Arabia face continued issues in protecting their digital transformation efforts from cybercriminals and other bad actors.
The report Bridging the Divide: Digital Transformation & Cybersecurity in Saudi Arabia and the UAE is based on a survey of 400 IT decision-makers across a variety of organisations in these two countries. The aim was to better understand how digital transformation is impacting the threat environment, how decision-makers are responding, and how they work with third parties to combat the threat.
“The speed at which organisations are transforming to adapt to hybrid work and achieve greater efficiency and competitiveness, means cybersecurity is often not a top priority among IT and business decision-makers,” says Werno Gevers, regional manager for the Middle East at Mimecast. “The downside to increased digital transformation is that attack surfaces are wider and there are more opportunities for bad actors to penetrate organisational defences, with many organisations stuck in a reactive mode regarding their security, leaving them unable to get on the front foot against attackers.”
According to the research, more than two-thirds (68%) of organisations in the region have had to postpone a digital transformation programme owing to cybersecurity concerns, with 65% saying that they had discontinued such an endeavour entirely.
“The widening attack surface created by digital transformation is creating risks across multiple operationally vital departments, including IT, HR and finance,” says Gevers. “Organisations also face a constantly-evolving threat profile, with 43% reporting an increase in cross-site scripting, 40% seeing an increase in insider threats, and 41% reporting increased instances of phishing.”
To protect against these and other risks, IT teams in the area are taking a wait-and-see approach to security, with 76% reporting a reactive rather than proactive strategy to security.
“IT teams cite a lack of capacity (41%) and budget (40%) as key resource challenges preventing them from staying on top of all digital transformation initiatives,” says Gevers. “To help overcome these challenges, IT decision-makers across the region are leaning on cybersecurity awareness training, best-of-breed vendors and automation to help fill security gaps.”
According to the study, 54% of IT decision-makers are using cybersecurity awareness training to empower staff and eliminate human error as a strategy to boost organisational defences. However, many organisations are falling short in their overall efforts to install suitable security solutions, with less than one-fifth (18%) indicating that they utilise best-of-breed suppliers to offer improved protection.
“Worryingly, a third of organisations are reliant on a single vendor, which can create a monoculture that is detrimental to both cybersecurity and digital transformation,” adds Gevers. “However, it’s not all bad news: twenty-nine percent of respondents agree that a staple of best-of-breed providers integrated through APIs offers superior protection against new and emerging threats.”
To support security teams’ efforts and overcome resource and budget restrictions, IT decision-makers across the area are investing in automation of important security activities.
“Eighteen percent of organisations report having a completely automated incident response capability, while 22% have automated backup and protection,” says Gevers. “This automation drive is expected to free up 40.9 hours per month of entry-level security specialists and up to 38.9 hours at CISO level, creating valuable capacity for IT teams to work on more high-value activities across the business.”
The report Bridging the Divide: Digital Transformation & Cybersecurity in Saudi Arabia and the UAE is now available for download.
