Four-fifths of organisations are not sure if their security efforts are successful, according to the EY Global Information Security Survey 2018-19 (GISS).
Cybersecurity is continuing to rise up the corporate agenda, but many companies are struggling with limited budgets and are not making security a part of core business strategy, the survey shows.
The survey of more than 1,400 C-level cybersecurity and risk leaders indicated that 82% of organisations are unclear about whether they are successfully identifying breaches and incidents; 97% are operating with ‘limited' budgets compared to the level of resilience they require; and 55% of organizations don't make the protection of the organization an integral part of their overall business strategy and execution plans.
The study shows that cybersecurity is still identified as one of the top three business risks. The riskiest vulnerabilities are careless/unaware employees (34%), outdated security controls (26%), unauthorized access (13%) and related to cloud-computing use (10%).
Cloud computing (52%), cybersecurity analytics (38%) and mobile computing (33%) are the highest priorities for cybersecurity investment
Clinton Firth, MENA Cybersecurity Leader, EY, said: "Cybersecurity continues to be one of the top three risks across all industries and government entities in the MENA region. Digital transformation is resulting in more opportunities to exploit while advanced exploitation tools and capabilities are becoming more readily accessible. In general, organisations in MENA are not at a comensurate level of cybersecurity readiness and unfortunately this creates the perfect environment for cyber-attacks in the region."
At the end of 2017, EY opened their multimillion-dollar cybersecurity center in the GCC, the Digital Security Operations Centre (DSOC), to offer protection against cyber-attacks for businesses located across MENA.
The DSOC provides comprehensive 24-hour digital security monitoring of client IT systems, Operational Technology (OT), and Internet of Things (IoT) for the countries of the GCC and greater MENA region, with a focus on threat ‘hunting' and detection.