A recent study by Kaspersky revealed that in the past two years, 15% of UAE companies have encountered cyber incidents due to inadequate cybersecurity investment. The study highlighted that in the Middle East, Turkey, and Africa region, sectors such as critical infrastructure, oil & gas, and energy were the most impacted, with 60% experiencing cyber incidents because of insufficient budgeting for cybersecurity. In the UAE specifically, 20% of companies acknowledged the absence of a budget sufficient for robust cybersecurity defenses.
The research conducted by Kaspersky focused on understanding the role of human factors in a company’s cybersecurity. It surveyed IT Security professionals from small and medium enterprises (SMEs) and larger corporations globally. The study examined the influence of various groups, including internal staff and external contractors, on cybersecurity, with a particular emphasis on how decision-making and budget allocations affect cybersecurity.
The study found that the prevalence of cyber incidents varies across industries. In the META (Middle East, Turkey, and Africa) region, critical infrastructure, energy, and oil & gas sectors reported the highest rate of cyber breaches, 60%, due to budget constraints. The telecommunications sector faced 25% of cyber incidents for the same reason, while the transport & logistics sector experienced 17%, and financial services encountered 14% of such incidents.
Regarding cybersecurity budgets, the survey showed a mixed picture in the UAE. While 76% of respondents believed they have the resources to match or surpass emerging threats, 20% of companies were struggling. Of these, 18% reported insufficient funding to adequately protect their infrastructure, and 2% had no dedicated budget for cybersecurity at all.
A multitude of businesses are poised to bolster their cybersecurity frameworks within the next 1 to 1.5 years. A significant focus is being placed on threat detection software, with 33% of companies investing in this area, and on training initiatives, with 47% allocating funds for professional cybersecurity education and 42% for training their broader staff base. Other key strategies include the adoption of endpoint protection software by 36% of organizations, the recruitment of additional IT staff by 40%, and the integration of SaaS cloud solutions by 38%.
Ivan Vassunov, VP of Corporate Products at Kaspersky, emphasizes the importance of aligning cybersecurity investments with business strategies, making them a key business objective. He notes the necessity for these investments to be cost-effective and to demonstrate a high return on investment (ROI). The information security department is also tasked with presenting these investments to upper management or board members convincingly. Furthermore, the goals extend beyond reducing the mean time to detect (MTTD) and respond (MTTR) to security incidents, to also minimizing the costs associated with these incidents. To achieve these objectives, companies are turning to modern technologies and approaches. For instance, Kaspersky is focusing on developing its Secure Access Service Edge (SASE) portfolio, alongside extended detection and response (XDR) and managed detection and response (MDR) solutions, incorporating AI, machine learning, automated detection and response, and more. To demonstrate transparency and the value of these solutions, Kaspersky offers C-level dashboards and reports detailing incident prevention, response times, and the efficacy of cybersecurity measures, along with insights into industry-specific risks and trends to guide strategic cybersecurity decisions.
The complete report and further insights into the human element of cybersecurity in business can be found through the provided link.
For optimal budget utilization, Kaspersky suggests: