Middle East companies suffer more cyber-attacks than any other region

Companies in the Middle East are more likely to suffer from cyber-attacks than the rest of the world's regions, according to a recent study conducted by the Middle East branch of Pricewaterhouse Coopers, one of the world's four leading professional services firms.

The report, which is part of PwC's latest Global State of Information Security Survey, surveyed 300 companies in the Middle East to find out if the challenges they face are the same as in other markets and if they're addressing them the same way.

Titled "A False Sense of Security?", the report found that businesses in the Middle East are more likely to have suffered a cyber-attack compared to the rest of the world, with 85 percent of the respondents compared to the global average of 79 percent.

In addition, the report found that 18 percent of the respondents experienced more than 5,000 attacks, which compares to the global average of just nine percent and is higher than any other region in the world.

The report also found that companies in the Middle East suffered larger losses resulting from cyber-attacks in 2015 than the world's other regions. The results indicated that 56 percent of the respondents lost more than 500,000 dollars, compared to 33 percent globally and 13 percent lost at least three working days, compared to nine percent globally.

The high rate of these attacks, which range from theft of data to coordinated spam emails or phishing attempts, are a result of a number of conditions including the greater prevalence of malware and fax-based scams in the Middle East than in other regions, according to the report.

However, the report found that companies in the region do invest "significant sums in cyber-security measures," with 85 percent of the respondents having a globally recognized security framework, compared to 88 percent globally and 24 percent having an information security strategy, compared to 25 percent globally.

“While companies in the region invest in security technology and protection such as cyber insurance, they are often not supported by the people, processes and governance required to provide real security," PwC Middle East Partner Mike Maddison said, commenting on the findings .

"This can create a false sense of security, and our survey findings suggest that these challenges are only likely to increase. Given ever greater connectivity, technology convergence, as well as more assertive regulatory and legislative agendas, the complexity and sophistication required will continue to increase.”

Moreover, the report indicates that the reasons behind this paradox include that Middle Eastern companies often have a greater tendency to believe cyber issues can be fixed by "buying a technological 'fix'" without supporting that by a parallel investment in awareness and training.

Middle Eastern companies tend to have less support from the board when it comes to cyber-security issues, as the report found that while 24 percent have security strategies, less than 15 percent of boards are behind them.

In addition, these strategies are often "too narrowly defined, relating only to IT and not to the wider impact of digital," as a lot of Middle Eastern companies still view cyber-security as a solely audit or IT issue.

PwC says that to decrease the alarmingly high number of cyber-attacks in the Middle East, companies need to start viewing cyber-security as a business issue, not just a technological one.

To do so, they need to involve the boards in the issue and the employees through training and awareness programs. They also need to find the right governance structures and address cyber-security on an end-to-end basis that integrates it into the company's overall approach to security through a variety of functions such as legal, HR, forensic and communications.