New Research Reveals Impact of Cyber Threats on Digital Transformation in Middle East
With organisations across the world facing an uncertain future due to the disruption of the pandemic, the likely impact of climate change, and a shifting geopolitical landscape, digital transformation has moved to the top of corporate agendas in nearly every vertical. However, newly released research by Mimecast has found that IT decision-makers in the UAE and Saudi Arabia face ongoing challenges with securing their digital transformation efforts against attacks from cybercriminals and other bad actors.
The report “Bridging the Divide: Digital Transformation & Cybersecurity in Saudi Arabia and the UAE” is based on a survey of 400 IT decision-makers across a variety of organisations in these two countries. The aim was to better understand how digital transformation is impacting the threat environment, how decision-makers are responding, and how they work with third parties to combat the threat.
“The speed at which organisations are transforming to adapt to hybrid work and achieve greater efficiency and competitiveness, means cybersecurity is often not a top priority among IT and business decision-makers,” says Werno Gevers, regional manager for the Middle East at Mimecast. “The downside to increased digital transformation is that attack surfaces are wider and there are more opportunities for bad actors to penetrate organisational defences, with many organisations stuck in a reactive mode regarding their security, leaving them unable to get on the front foot against attackers.”
Security concerns halt digital transformation efforts
The research found that more than two-thirds (68%) of organisations in the region have had to postpone a digital transformation initiative due to cybersecurity concerns, with 65% reporting they have cancelled such an initiative outright.
“The widening attack surface created by digital transformation is creating risks across multiple operationally vital departments, including IT, HR and finance,” says Gevers. “Organisations also face a constantly-evolving threat profile, with 43% reporting an increase in a cross-site scripting, 40% seeing an increase in insider threats, and 41% reporting increased instances of phishing.”
To protect against these and other threats, IT teams in the region are taking a wait-and-see stance to security, with 76% saying their approach to security is reactive rather than proactive.
“IT teams cite a lack of capacity (41%) and budget (40%) as key resource challenges preventing them from staying on top of all digital transformation initiatives,” says Gevers. “To help overcome these challenges, IT decision-makers across the region are leaning on cybersecurity awareness training, best-of-breed vendors and automation to help fill security gaps.”
Training, vendors & automation help secure digital transformation
According to the research, 54% of IT decision-makers are utilising cybersecurity awareness training to empower employees and reduce human error as a way of strengthening organisational defences. However, many are falling short in their broader efforts at deploying adequate security solutions, with fewer than one in five (18%) reporting that they use best-of-breed vendors to enable superior protection.
“Worryingly, a third of organisations are reliant on a single vendor, which can create a monoculture that is detrimental to both cybersecurity and digital transformation,” adds Gevers. “However, it’s not all bad news: twenty-nine per cent of respondents agree that a staple of best-of-breed providers integrated through APIs offers superior protection against new and emerging threats.”
To further aid security teams’ efforts and overcome resource and budget constraints, IT decision-makers across the region are investing in the automation of key security functions.
“Eighteen per cent of organisations report having a completely automated incident response capability, while 22% have automated backup and protection,” says Gevers. “This automation drive is expected to free up 40.9 hours per month of entry-level security specialists and up to 38.9 hours at CISO level, creating valuable capacity for IT teams to work on more high-value activities across the business.”