GCC firms must ramp up investments in threat, risk management: report

GCC organizations are already spending approximately $3.5 million per year on identifying and restricting data security breaches

Image used for illustrative purpose.

Image used for illustrative purpose.

Getty Images/ Yuichiro Chino

The global risk landscape is evolving rapidly, and government institutions and private companies in the GCC need to do more to keep up with it, a recent report has said.

In “The Resilience Equation”, US-based consulting firm Booz Allen Hamilton states that the GCC governments have played a vital role in equipping organisations in the region with the necessary tools to build their resilience, but that resilience needs to be boosted further. So far, efforts have been restricted to a small number of sectors, such as banking and telecommunications, and have focused on building silo-specific capabilities.

“Investing in robust threat-mitigation strategies and resilience response could reduce organizations’ exposure to threats that result in untoward incidents,” said Jay Townsend, Principal at Booz Allen Hamilton. “GCC governments have recognized this and, over the past decade, have begun to implement systems and programs to help navigate uncertainty and enhance preparedness and response capabilities. But they need to take this a step further and make it part of the strategic corporate and national agenda.”

According to the report, GCC organizations are already spending approximately $3.5 million per year on identifying and restricting data security breaches, far ahead of the global average of $2.1million.

For instance, in 2014, the UAE’s Regulation and Supervision Bureau (RSB) published a set of business continuity management regulations relating specifically to drinking water, wastewater and electricity services in Abu Dhabi. In Saudi Arabia, the Saudi Arabian Monetary Authority (SAMA) has developed a business continuity management framework that must be adopted by member organizations. In addition, Bahrain, Oman, Qatar and Kuwait have issued organizational frameworks and guidelines specific to business continuity management or other aspects of resilience.

Despite such expenditure, GCC organizations take longer than their European counterparts to contain a breach, with the average reported time in the GCC standing at 260 days, compared to just 138 days in Europe.

Rosa Donno, Senior Associate at Booz Allen Hamilton, said, “GCC organizations are already on the right track to building resilience, but they need to be more aware of their future threats and current weaknesses so that they can take informed strategic and tactical decisions that can be applied across the full spectrum of sectors and industries region-wide in order to prepare for risks and respond effectively to internal and external events.”

According the report, building resilience requires setting a resilience strategy that protects organisations against potential shocks and it should focuses on being proactive and helping to explore options for dealing with surprises and changes.

A well-conceived resilience strategy should include a risk management programme to identify and assess risks, a community management system that is capable of absorbing disruption and testing and exercises plans that are capable of revealing weaknesses.

Risk Management Program. Source: Booz Allen Hamilton

Organizations in the GCC need 47 percent more time than their European counterpart organizations and spend 40 percent more money than the global average.

Compounding the challenges, the region’s governments also continue to struggle with unpredictable events and natural disasters.

The report cited an example of Cyclone Mekunu which wreaked havoc in Oman in May 2018, causing more than $100 million in damage and resulting in 30 casualties in just few days.

"In the context of this challenging and uncertain environment, it is important for organisations in the GCC to double down on their resilience efforts and embed the Resilience Equation in national frameworks that can be applied across the full spectrum of sectors and industries, region-wide," the report concluded.

(Writing by Seban Scaria, editing by Daniel Luiz)

Our Standards: The Thomson Reuters Trust Principles

Disclaimer: This article is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Read our full disclaimer policy here.

© ZAWYA 2019

More From Risk