Middle East Information Security Survey 2016: A false sense of security?

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

Cyber-crime is not a new phenomenon, but it’s hitting the headlines as never before, with organisations across the world suffering high-profile and damaging breaches. Groups ranging from terrorists to activists have also made use of the internet, so the issue spreads far beyond economic crime. It’s no surprise, then, that the World Economic Forum and Business Continuity Institute see cyber as a major business risk at the moment, or that cybersecurity has become a top priority, both for business leaders and for governments and law enforcement.

PwC has just conducted its latest Global State of Information Security survey, covering 10,000 companies across 127 countries. In this Middle East report, we look at what 300 respondents from 20 countries told us - it's clear from the results that the impact of cyber is broader than ever before, and it needs to be managed that way:

  • It’s not just a technology issue, it’s a business issue. Digital is no longer the preserve of IT, and there are very real risks in allowing it to remain so: not just the risks of lost opportunity, but financial, commercial, and reputational risks too.
  • It’s a board-level issue. Digital should report directly to the Board, and the Board should see it as central to their oversight responsibilities.
  • It’s an end-to-end issue. From IT to physical security, from HR to IP, from Legal to Procurement: there is no aspect of modern organisations that is beyond its scope.

But what about the Middle East? Are the challenges here the same as those in other markets? And are companies in this region addressing them the same way? In this report we look at how the Global State of Information Security survey results for the Middle East compare to those in the rest of the world, and what companies here can do to make themselves and their assets safer, and ensure that they can continue to benefit fully from the positive potential of digital technology. As we will see, Middle East companies do invest in security technology, and other things such as cyber insurance, however they are often not supported by the people, processes and governance required and so create a 'false sense of security'.

A broader approach to managing crime and cyber security

It’s not just a technology issue, it’s a business issue. Digital is no longer the sole domain of IT and there are very real risks in allowing it to remain so: not just the risks of lost opportunity, but financial, commercial, and reputational risks too.

It’s a board-level issue. Digital should report directly to the Board, and the Board should see it as central to their oversight responsibilities.

It’s an end-to-end issue. From IT to physical security, from HR to IP, from Legal to Procurement: there is no aspect of modern organisations that is beyond its scope.

Middle East: More often, more severe

The headline finding is not good news. Companies in the Middle East suffered larger losses than other regions last year, as a result of cyber incidents: 56% lost more than $500,000 compared to 33% globally, and 13% lost at least three working days, compared to 9%. Businesses in the Middle East are also more likely to have suffered an incident like this, compared to the rest of the world (85% of respondents compared to a global average of 79%). And as the graph shows, the difference is particularly striking at the top end: 18% of respondents in the region experienced more than 5,000 attacks, which is higher than any other region, and compares to a global average of only 9%.

Cyber incidents

Looking ahead: Fit for the future?

Cyber security

Responding to rising cyber-risk

Contact us

Taha Khedro

Middle East Technology Leader, PwC Middle East

Tel: +971 4 304 3408

Follow us