Only a quarter (25%) of business leaders across Europe, Middle East and Africa are confident in their current cybersecurity, according to a new study commissioned by VMware. Three quarters (76%) of business leaders and IT security practitioners believe the security solutions their organisation is working with are outdated, even though 42% say they have acquired new security tools over the past year to address potential security issues.
In comparison, in the UAE, 90% of business leaders and IT security practitioners believe their security solutions are outdated. Meanwhile, 50% of respondents in the UAE said they had acquired new security tools over the past year. More than half of all EMEA respondents (54%) plan to spend more on detecting and identifying attacks, and close to one-third (29%) report having 26 or more security products installed across their enterprises. But in the UAE, there appeared to be less appetite for investment, with 33% of UAE respondents planning to spend more on detecting and identifying attacks.
Despite businesses continuing to invest more in their security, nearly a third (31%) of EMEA IT security respondents say it takes up to a week to address a cybersecurity issue. The UAE was in line with the EMEA average, with 30% of respondents taking up to a week to address a cybersecurity issue. In the age of real-time processing, more than one million new Internet users per day, and the amount of business conducted per second via apps, this slow response time is of particular concern.
What’s particularly worrying is that businesses appear trapped in a routine of spending their way through the cybersecurity crisis – with 83% admitting they plan to increase the purchase or installation of new security products in the next three years. The research, conducted amongst 650 enterprises across EMEA, sheds light on a concerning trend of slow and inefficient practices to combat the latest cyber threats – even though the economic impact of cybercrime has risen fivefold since 2013, according to European Union data.
This current approach to security has resulted in businesses losing confidence when it comes to cyber hygiene. Only a quarter (23%) express extreme confidence in the security of their cloud implementations and under a fifth (18%) are confident in the readiness of their people and talent to address security concerns.
According to Rasheed Al-Omari, the Principal Business Solutions Strategist for SEMEA at VMWare, “Modern-day security requires an investment shift away from trying to prevent breaches at all costs and towards building security into everything. This includes applications, networks, and essentially everything that connects to carry data. Despite all the reasonable precautions, breaches are inevitable. What matters is how fast you can detect them, and how effectively you can take mitigating action.”
There is a chasm between business leaders and their security teams on how they perceive progress and collaboration around cybersecurity. Only 21% of IT teams consider their business leaders (C-suite executives) to be highly collaborative when it comes to cybersecurity. Meanwhile, 27% of executives say they are collaborating in a significant way to address cybersecurity issues, versus only 16% of IT security practitioners.
Ahmed Auda, Managing Director, Middle East, Turkey and North Africa, VMware, said: “As defined by Einstein, insanity is doing the same thing over and over again and expecting different results. This is what is happening with IT security, where investment in traditional security solutions continues to be dwarfed by the economic repercussions of breaches. We now live in a world of greater complexity, with more and more complex interactions, more connected devices and sensors, dispersed workers and the cloud, all of which have created an exponentially larger attack surface. This has changed the rules.”
Auda continues, “Encouraging a culture of security awareness and collaboration across all departments and teams is also imperative. Business executives and security and IT operations have to be speaking the same language and recognise what’s at stake. Investing in the right people to drive the cyber best practice forward will see EMEA enterprises stay one step ahead in the world of sophisticated cybercrime.”