Dubai, UAE, 9 December, 2020:  A majority of chief information security officers (CISOs) rank cybercriminals as one of the biggest risks they currently face, according to a new KPMG study. The first-ever UAE CISO survey 2020 report highlights key cybersecurity-related challenges faced across sectors, based on inputs from UAE-based CISOs.

 

According to the KPMG study, 2020 has seen a significant increase in malware and ransomware attacks – for CISOs, phishing is considered the biggest threat (88%), followed by malware (56%) and ransomware (53%). As cyber threats increase, it is key for CISOs to be prepared in the event of a cyber-attack, however 60% of respondents currently do not perform cyberattack simulation exercises.

CISOs are not the only members of the C-suite to be concerned about cybersecurity. More than a third of those surveyed (39%) stated that minimizing the impact of a cyber-attack on the availability of customer or citizen services is a concern for their organization’s board, with 24% being concerned about the theft of customer data. Two-thirds of CISOs (67%) believe managing and protecting customer data is as important as delivering a product or service. 

 

Tim Wood, Partner, Head of Cyber at KPMG Lower Gulf, said: “In the Covid-19 pandemic era, UAE-based organizations are finding their cybersecurity strategies tested by new threats and vulnerabilities not previously considered by CISOs. As they respond to these unprecedented challenges, CISOs are likely to adopt new ways of working, embedding the cybersecurity function into the product and project lifecycle from the start, by implementing security and privacy by design.”

 

Addressing the new cybersecurity landscape

Cybersecurity spending has increased in recent years and UAE CISOs predict the trend will continue: 79% of CISOs have seen their cybersecurity spend increase over the past two years. As adoption of new technologies and digital platforms accelerates, so too will the cyber threat; 90% of CISOs expressed confidence in introducing cloud technologies and 44% are confident their organization can effectively respond to cybersecurity incidents.

Looking to the future, the KPMG study notes that addressing existing and potential skill gaps would be a key success factor in building internal cybersecurity teams, a key priority for UAE CISOs. Detection capabilities – threat intelligence, security operations, and incident response – are key areas where cybersecurity skills fall short. Next in terms of skill shortage, 24% of CISOs identified a resource shortage in both DevSecOps (the combination of development software and IT operations), and data privacy. 

Maliha Rashid, Director, Head of Data Privacy at KPMG Lower Gulf, concluded: “In 2020, the UAE’s CISOs tackled multiple challenges: managing the effects of the Covid-19 pandemic, accelerated adoption of cloud, remote working and an evolving compliance landscape. Going forward, successful CISOs need to be adaptive and augmented, supporting digitalization in their organizations, while maintaining an acceptable cybersecurity posture and striving for compliance with regulations in a cost-effective manner.”

Significant findings of the report: