Mimecast : Security Issues Hinder Digital Transformation Progress in Saudi Arabia and UAE

Digital transformation in Saudi Arabia and the United Arab Emirates (UAE) proceeded in fits and starts in 2021, according to IT decision-makers in the two Gulf states.

On one hand, COVID-19 constraints served to accelerate transformation to remote and hybrid work environments. Yet time and again, cybersecurity issues tapped the brakes on other planned initiatives. In 2022, IT executives said they are looking to automate and upskill their cyber defenses to make more progress.

These are some of the takeaways from a recent survey commissioned by Mimecast from Opinium Research, which polled 200 IT executives in Saudi Arabia and another 200 in the UAE. The survey gauged their sentiments during a year characterized by mounting cyberattacks across the Middle East.

Separately, Saudi Arabian and UAE participants in a global Mimecast survey gave a pessimistic assessment of the year ahead: The vast majority said it is likely to inevitable that they will suffer a negative business impact from an email-borne attack in 2022.

A Host of Cybersecurity Complications

Saudi/UAE survey respondents digitized and expanded their cybersecurity perimeters as COVID-19 redefined the business environment, with cybersecurity impacts including:

• Slowdown in innovation: Over two-thirds of respondents (68%) postponed a digital transformation initiative due to cybersecurity concerns, and 65% canceled one.
• Weaker security posture: About seven out of 10 (71%) believe their overall cybersecurity posture has been weakened by the initiatives they did take.
• Bigger attack surface: More than a third reported an increase in their attack surface across such vital departments as IT (36%), human resources (37%) and finance (35%).

Shortfalls cited in the Saudi Arabian/UAE survey included:

• Budget: Four out of 10 called this a key challenge.
• Staffing: About the same number (41%) cited staffing shortfalls.
• Approach: More than three-quarters (76%) said their approach to cybersecurity is reactive, not proactive.

Many of the IT executives seemed intent to turn the tide on digital transformation, with cyber defenses including:

• Automation: Over half plan to automate incident response (53%) and data backup and protection (51%) - on top of the 18% to 22% who have taken these steps so far.
• Strategic planning: Over four in 10 (44%) intend to use the time gained through automation to focus attention on more strategic priorities.
• Enterprise-wide engagement: Almost half (48%) are looking to work more closely across the enterprise and with top management.
• Upskilling: Almost half (49%) plan capacity-building within their security teams.

A World of Cybersecurity Threats

The Saudi/UAE survey respondents are defending against several culprits, they said, including increases in the past 12 months in the following:

• Cross-site scripting attacks: These web application attacks were cited to have increased by 43%.
• Phishing: Malicious email volumes are up, said 40% of respondents.
• Insider threats: Whether they involve malicious employee misconduct or unintentional human error, insider threats are growing, said 39%.

Mimecast's global survey with Saudi Arabian and UAE participation surfaced some additional insights:

• Pessimism: In the UAE, 84% of executives said it's likely to inevitable that an email-borne attack will harm their businesses in 2022 (with 8% seeing this as inevitable).
• More pessimism: For Saudi Arabia, the corresponding numbers are worse: 92% and 14%, respectively.

This level of negativity is not reserved to the region, though. Worldwide, 81% of respondents believe their businesses are likely to inevitably going to suffer from an email-borne cyberattack (with 9% considering it inevitable).

Other regional insights from the global survey include:

• Ransomware: While 38% of UAE respondents said their business operations had been significantly impacted by ransomware in the past 12 months, only 16% from Saudi Arabia reported a similar impact.
• Email threats: Email can deliver malicious payloads that lead to ransomware, identity theft and other crimes, with 68% of respondents from UAE and 58% from Saudi Arabia reporting an increase in the volume of email threats in 2021.

Even in view of the growing level of cyberthreat, only 32% of UAE and 44% of Saudi Arabian respondents to the global survey said they have a cyber-resilience strategy.

Cyber Risk Across the Middle East

Across the Middle East, by one estimate, malware attacks reached 161 million in the first half of 2021, up 17% from the first half of 2020.[1] The governments of Saudi Arabia and the UAE continue to take steps to address the risk to their economies.

"Our objective is to establish the UAE as a trusted digital hub globally," wrote Mohamed Hamad Al-Kuwaiti, UAE government head of cybersecurity, in December. He described several steps in that direction, such as the adoption of cybersecurity standards for government agencies in late 2021 and a cybersecurity showcase of innovations in early 2022.[2]

In Saudi Arabia, government initiatives in 2021 have included establishing what some see as regional leadership in national data privacy legislation,[3] implementing a cybersecurity regulatory framework for communications service providers[4] and updating cybersecurity provisions under the third revision of its Cloud Computing Regulatory Framework.[5]

The Bottom Line

During 2021, IT executives in Saudi Arabia and UAE accelerated digital transformation in some ways but were forced to slow it down in others. In each case, cybersecurity concerns shaped decision-making, as captured in new research commissioned by Mimecast.

[1] "Malware Attacks in Middle East Are Increasing, Reaching 161 Million in Only 6 Months," Kaspersky

[2] "Why 2022 Will Usher a New Decade of Cybersecurity," ITP.net

[3] "Updates to Saudi Arabia's Data Protection Law," National Law Review

[4] "Saudi Arabia Implements Cybersecurity Framework," Arab News

[5] "Saudi Arabia Releases Version 3 of its Cloud Computing Regulatory Framework," DLA Piper