New survey suggests 50 per cent of UAE firms seeing cyber security breaches

UAE – According to just released media reports, a whopping 50 per cent of Only 50 per cent of firms in the UAE have been reporting cyber security breaches in the past 12 months.

A KPMG 2015 UAE Cyber Security Survey has found that firms under attack took between two weeks to a month to recover. Over half of the respondents that had been hacked didn’t know that they were being targeted by cyber criminals. Furthermore, only 50 per cent of respondents said that they had cyber-attack contingency arrangements in place.

Many boards in the UAE do not have a comprehensive or accurate view of their cyber risks because threat intelligence and cyber monitoring have often been inconsistently implemented, the survey found. The survey also found that more UAE organisations need to better understand their threat profiles – including who, where and why they are likely to be targeted.

Nitin Khanapurkar, partner, KPMG Lower Gulf, said: “The UAE is on the list of the top 10 destinations targeted by cyber criminals and it comes as no surprise that cyber threats have been growing across key sectors like financial services, oil & gas, technology, government, retail, construction and health care.

“The objective of the 2015 KPMG Cyber Security Survey was to assess UAE organisations’ readiness and ability to respond to cyber security threats and the survey has thrown up some interesting insights.”

A recent report from Cybersecurity Ventures, a leading research and business development firm, has forecast that the cyber security market of the Middle East and African region is expected to grow to US $13.43 billion by the year 2019 – covering an expected compounded annual growth rate of 13.7 per cent in the next five years. Amid this, industry experts have also predicted that digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. As global cyber-attacks increase in complexity, GCC businesses must prepare themselves for newer and more advanced threat levels, warned a Dubai-based IT consultancy, Condo Protego.

The recently published 2015 Internet Security Threat Report (ISTR) by Symantec found that despite a 14 per cent decrease in malicious e-mails, and 20 per cent fewer targets, highly targeted spear-phishing attacks rose by eight in 2014.

In the UAE alone, targeted attacks rose 400 per cent in 2014, from less than one per cent of the global total, to almost five per cent. Furthermore, the average response time from companies increased from five days in 2013, to 59 days in 2014. These findings confirm increasing intelligence of cybercriminals, and the difficulty faced by organisations to effectively protect their data against such sophisticated attacks. Cybercriminals continue to improve their attack strategies by acquiring new techniques to avoid detection, and using corporate infrastructures to help breach security. These advancements in their methods have led to an increased number of attacks on larger organisations. According to Symantec, five out of six large companies were attacked by skilled hackers in 2014, representing an increase of 40 percent from 2013.

According to experts at Condo Protego, the threat of cyberattacks is now even larger than ever, as Internet of Things developments emerge amid regional smart city initiatives. The increasing quantity and value of data being generated is being recognised by cyber criminals, further putting organisations in the region at risk.