• | 2:00 pm

Is cybersecurity becoming a tick-box exercise for organizations in the UAE?

A new study reveals a mismatch between cybersecurity experts and senior management.

Is cybersecurity becoming a tick-box exercise for organizations in the UAE?
[Source photo: Venkat Reddy/Fast Company Middle East]

There’s a disconnect between cybersecurity professionals and senior management in organizations in the UAE. A recent study from Trellix revealed that despite widespread board-level ownership of cyber risk, almost half (42%) of UAE cybersecurity professionals say the board needs to pay more attention to digital security. This points to a concern that cyber security is being treated as a tick-box exercise.

According to the report, roughly a quarter (26%) of respondents pointed out that cybersecurity is not prioritized by the C-suite or board level. 

The report also found that 44% of UAE cyber professionals feel undervalued by their company and 36% feel undervalued by their boss – the two major grievances because ownership does not equate to prioritization in the cyber arena.

“Ownership is not enough if it doesn’t translate into action. Creating a culture of cybersecurity across the organization needs to be a priority on the board’s agenda today. The tone from the top must be conducive to robust cybersecurity management. So the board and cybersecurity experts need to find a common data language to understand and discuss cyber risks, how to manage them, and the board’s role in prioritizing a strong security posture across the business,” said Adam Philpott, Chief Revenue Officer, at Trellix.

Fortunately, organizations are having dialogues about cybersecurity. Over two-thirds (67%) said that top leadership and management regularly discuss cybersecurity and compliance. Teamwork and communication are key to building cyber resilience when a big cybersecurity incident or cyber-attack takes place, but they differ from firm to organization.

For instance, 19% of UAE cybersecurity professionals acknowledge that it takes at least a few days or more to disclose it to senior management, despite a third (34%) of them confirming that it is normally reported to the board within an hour. This lag time could represent the difference between effectively thwarting an attack and dealing with unpleasant outcomes.

“As a CISO, CIO or CTO, this means clearly setting out what the top cyber security risks for the organization are and the business impact if the organization’s cybersecurity architecture is not fit-for-purpose to defend against today’s sophisticated and evolving attacks. Clear communication is vital to creating a resilient organization with adaptive security through an interconnected XDR architecture which is able to give the board – and wider business – confidence,” Philpott added.

More Top Stories: