One in five UAE businesses report insufficient budgeting for cybersecurity

PHOTO

Twenty per cent of companies in the UAE have admitted that they do not have the budget for adequate cybersecurity measures, a new report has found.

Fifteen per cent of companies in the UAE have experienced cyber incidents due to insufficient cybersecurity investment in the last two years, according to a recent study by Kaspersky. Alarmingly, critical infrastructure, oil and gas and energy organisations in the Middle East, Turkey and Africa region suffered the biggest number of cyber incidents due to improper budget allocation (60 per cent).

Kaspersky conducted a study to discover the opinions of IT Security professionals working for SMEs and enterprises worldwide regarding the human impact on the cybersecurity in a company. The research – aimed at gathering information on various groups of people who influence cybersecurity – considered both internal staff, and external contractors. It also analysed the impact decision makers have on cybersecurity in terms of budget allocation.

The situation is different for every industry. For example, critical infrastructure, energy and oil and gas organisations in the Middle East, Turkey and Africa (META) region suffered the greatest number of cyber breaches because of the lack of budget (60 per cent). The telecommunications sector suffered 25 per cent of cyber incidents due to budget constraints, while transport and logistics endured 17 per cent of incidents, and financial services companies saw 14 per cent of them across the region.

When asked about the budget for cybersecurity measures, 76 per cent of respondents in the UAE said they are equipped to keep up with or even stay ahead of new threats. However, 20 per cent of companies are not doing so well – 18 per cent report that they don’t have sufficient funds to protect the company’s infrastructure properly. At the same time, there are still companies without cost allocations for cybersecurity at all – 2 per cent claimed they don’t have a dedicated budget for cyber protection needs.

Many respondents’ companies are eager to take steps to strengthen their cybersecurity in the next 1-1.5 years. One of the most popular areas of investment is threat detection software (33 per cent) and training, where 47 per cent of companies plan to allocate budgets for educational programs for cybersecurity professionals and 42 per cent for training general staff. Other popular measures organisations plan to take soon are introducing endpoint protection software (36 per cent), hiring additional IT professionals (40 per cent), and adopting SaaS cloud solutions (38 per cent).

Ivan Vassunov, vice-president, corporate products at Kaspersky, said: “Today, companies must align cybersecurity investment with a business strategy and consider cybersecurity as one of their business goals. Of course, investments must justify themselves and be effective, so the information security department also faces the task of increasing the ROI of investments in information security and defending investments to senior management or the board of directors. Also, in addition to reducing mean time to detect (MTTD) and mean time to respond (MTTR), information security is tasked with reducing the cost of a security incident. These challenges can be met through the use of various modern approaches and technologies. For example, we are investing in developing our SASE portfolio as well as XDR and MDR with integrated AI, Machine Learning, automated detection and response, automated threat investigation, out of the box integrations and much more. To ensure process transparency and prove the value of our solutions, we also provide C-level dashboards and reports for CISOs, which include information on how many incidents we prevented, how quickly incidents were investigated, and the effectiveness of deployed cybersecurity solutions. We also highlight customer-specific risks, and show them trends particular to the industry to help them shape their cybersecurity by targeting their defenses around current dangers, and justify investments in the necessary technology.”

To get the most out of your budget, Kaspersky recommends:

•Implementing cybersecurity products with advanced anomaly control.

•Using easily-manageable solutions.

•Investing in training for everyone in your company – from general staff to decision makers.

•Considering experts’ help.