GCC organizations need stronger resilience strategies in place to ensure critical functions are restored after disruptive events, says Booz Allen Hamilton

Annual spend on data security breaches is far ahead of global average, however GCC organizations take longer than European counterparts to contain a breach


Dubai: Organizations in the GCC must make resilience an integral part of their threat mitigation strategy across the private sector and government services, to ensure that essential functions are restored after disruptive events, a report by Booz Allen Hamilton, has revealed.

GCC organizations are already spending approximately US$3.5 million per year on identifying and restraining data security breaches, far ahead of the global average of US$2.1million. Despite such enormous spends, GCC organizations take longer than their European counterparts to contain a breach, with the average reported time in the GCC standing at 260 days, compared to just 138 days in Europe.

To reduce this gap, GCC governments are equipping organizations in the region with the necessary tools to build resilience across industries. For example, the UAE’s Regulation and Supervision Bureau (RSB) published a set of business continuity management regulations relating specifically to drinking water, wastewater and electricity services in the emirate of Abu Dhabi. The UAE has also developed several plans to manage emergencies, such as the National Emergency Plan for the Telecom Sector.

Jay Townsend, Principal at Booz Allen Hamilton, said: “Investing in robust threat mitigation strategies and resilience response could reduce organizations’ exposure to threats that result in untoward incidents. GCC governments have recognized this and, over the past decade, have begun to implement systems and programs to help navigate uncertainty and enhance preparedness and response capabilities. But, they need to take this a step further and make it part of the strategic corporate and national agenda.”

Booz Allen Hamilton outlines the following well-conceived “resilience equation” that protects organizations against potential shocks; focuses on being proactive; helps to explore options for dealing with surprises and changes; and defines resilience objectives and guiding principles. The resilience equation comprises Risk Management (RM), Continuity Management (CM) and Testing & Exercises (T&E). Together they provide a holistic view for organizations to thrive and grow through changes, disruptions, and unknown events.

  • Robust Risk Management Program

Organizations must consider an RM program to identify and assess risks across the entire organization and to help with the implementation of risk management strategies. A sustainable risk management program covers eight focus areas, including Governance; Organization and Decision Process; Strategy and Policy; Risk Appetite & Tolerance; Processes & Tools; Culture and Communication; Performance Monitoring; and Business Intelligence.

  • Continuity Management

A CM system is capable of absorbing disruption and provides backups and fail-safes, including mechanisms for rapid response designed to restore operating capacity. It covers the following key areas – Emergency Management Plan; Crisis Management Plan; Continuity of Operations Plan and IT Disaster Recovery Plan.

  • Testing & Exercises

These are T&E plans and procedures that are capable of revealing weaknesses and gaps and that improve organizational coordination, clarify roles and responsibilities, and create a unique learning environment. The best way to prepare for the unforeseen is by assessing strategic options and tactical plans through testing and exercises. T&E unlock benefits associated with building preparedness, increasing resilience and sustaining performance.

Rosa Donno, Senior Associate at Booz Allen Hamilton said: “GCC organizations are already on the right track to building resilience, but they need to be more aware of their future threats and current weaknesses, so that they can take informed strategic and tactical decisions that can be applied across the full spectrum of sectors and industries region-wide, in order to prepare for risks and respond effectively to internal and external events.”

To view the full report, please click here.


For more information please do not hesitate to get in touch with Hala Sarieddine, BPG Orange, Hala.Aarieddine@bpgorange.com  , 00971 50 7937957


Hala Akiki, Booz Allen Hamilton, T +971 4 511 9511, M +971 52 6807599 , Akiki_hala@bah.com 

© Press Release 2019

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

More From Press Releases