Dubai, UAE:  A majority of chief information security officers (CISOs) rank cybercriminals as one of the biggest risks they currently face, according to a new KPMG study. The first-ever UAE CISO survey 2020 report highlights key cybersecurity-related challenges faced across sectors, based on inputs from UAE-based CISOs.

According to the KPMG study, 2020 has seen a significant increase in malware and ransomware attacks – for CISOs, phishing is considered the biggest threat (88%), followed by malware (56%) and ransomware (53%). As cyber threats increase, it is key for CISOs to be prepared in the event of a cyber-attack, however 60% of respondents currently do not perform cyberattack simulation exercises.

CISOs are not the only members of the C-suite to be concerned about cybersecurity. More than a third of those surveyed (39%) stated that minimizing the impact of a cyber-attack on the availability of customer or citizen services is a concern for their organization’s board, with 24% being concerned about the theft of customer data. Two-thirds of CISOs (67%) believe managing and protecting customer data is as important as delivering a product or service.

Tim Wood, Partner, Head of Cyber at KPMG Lower Gulf, said: “In the Covid-19 pandemic era, UAE-based organizations are finding their cybersecurity strategies tested by new threats and vulnerabilities not previously considered by CISOs. As they respond to these unprecedented challenges, CISOs are likely to adopt new ways of working, embedding the cybersecurity function into the product and project lifecycle from the start, by implementing security and privacy by design.”

Addressing the new cybersecurity landscape

Cybersecurity spending has increased in recent years and UAE CISOs predict the trend will continue: 79% of CISOs have seen their cybersecurity spend increase over the past two years. As adoption of new technologies and digital platforms accelerates, so too will the cyber threat; 90% of CISOs expressed confidence in introducing cloud technologies and 44% are confident their organization can effectively respond to cybersecurity incidents.

Looking to the future, the KPMG study notes that addressing existing and potential skill gaps would be a key success factor in building internal cybersecurity teams, a key priority for UAE CISOs. Detection capabilities – threat intelligence, security operations, and incident response – are key areas where cybersecurity skills fall short. Next in terms of skill shortage, 24% of CISOs identified a resource shortage in both DevSecOps (the combination of development software and IT operations), and data privacy.

Maliha Rashid, Director, Head of Data Privacy at KPMG Lower Gulf, concluded: “In 2020, the UAE’s CISOs tackled multiple challenges: managing the effects of the Covid-19 pandemic, accelerated adoption of cloud, remote working and an evolving compliance landscape. Going forward, successful CISOs need to be adaptive and augmented, supporting digitalization in their organizations, while maintaining an acceptable cybersecurity posture and striving for compliance with regulations in a cost-effective manner.”

Significant findings of the report:

  • 47% of organizations in the UAE believe cyber criminals to be one of the biggest threats. In fact, for 39% of organizations, minimizing the impact of a cyberattack on the availability of customer or citizen services is a concern.
  • 94% of CISOs believe protecting customer data is vital in gaining consumer trust. Yet only 23% of respondents have embedded security and privacy by design into their waterfall and agile project methodology.
  • 44% of respondents do not conduct a cost-benefit analysis when deciding how cyber risk should be treated.

For more information, download the report here: UAE CISO survey 2020 – Anticipate today, protect tomorrow

-Ends-

About the KPMG UAE CISO survey 2020

The research was conducted using an online survey and responses were collected from UAE-based CISOs over the first half of 2020. Respondents came from across key sectors including financial services, oil & gas, healthcare and government and there was an appropriate spread.

About KPMG International

KPMG is a global network of professional services firms providing Audit, Tax and Advisory services. We operate in 147 countries and territories and have 219,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.

For media enquiries, please contact:
Mara Carpencu
+971 4 506 5563
mara.carpencu@bpgorange.com 

Send us your press releases to pressrelease.zawya@refinitiv.com

© Press Release 2020

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.