DOHA: Companies in the Middle East have suffered larger losses than other regions last year as a result of cyber incidents. Around 56 percent lost more than $500,000 compared to 33 percent globally, and 13 percent lost at least three working days, compared to 9 percent, according to a report on cyber security released by PwC Middle East.
The report titled ‘A false sense of security? Cybersecurity in the Middle East’ said 38 percent more security incidents were detected in the Middle East in 2015 than in 2014 while theft of ‘hard’ intellectual property increased to 56 percent in 2015.
According to the report, there is a renewed willingness among organisations to invest in security, with many organisations incorporating strategic initiatives to improve security and reduce risks.
“While companies in the region invest in security technology and protection such as cyber insurance, they are often not supported by the people, processes and governance required to provide real security,” said Mike Maddison, PwC Middle East Partner, Cyber Services Leader & Head of Risk Assurance Services.
“This can create a false sense of security, and our survey findings suggest that these challenges are only likely to increase. Given ever greater connectivity, technology convergence, as well as more assertive regulatory and legislative agendas, the sophistication required will continue to increase,” he added.
Businesses in the Middle East are more likely to have suffered an incident related to cybercrime with 85 percent respondents in the region comparing to a global average of 79 percent. Around 18 percent of respondents in the region have experienced more than 5,000 attacks, compared to a global average of only 9 percent.
The attacks ranged from the actual theft of data, to co-ordinated spam emails or phishing attempts. One of the explanations for the high rate of such incidents in the Middle East may be the greater prevalence of malware in the region, and there are also more fax-based scams than is typical elsewhere, which can be hard for businesses to track centrally.
The report states that companies, especially in the Middle East, often find it difficult to identify when an attack has taken place: many only discover it when third parties or clients report suspicious messages or requests for funds.
High-profile breaches have highlighted the need for cyber-crime to be managed in the same way as any other threat to business continuity, and owned at Board level. This means detailed planning, scenario exercises, response management and crisis preparedness, involving a wide range of functions, added the report.
The Peninsula
