Digital Trust Insights 2024 - Middle East findings

Aligned to the Global findings, in the Middle East digital and technology risks have topped the list when it comes to the risks organisations are prioritising for mitigation over the next 12 months (57%) as well the risks most connected to an organisation's cyber risks (69%).

Cloud attacks (47% global and 53% in the Middle East) and attacks on connected devices (42% global and 53% in the Middle East)  are the cyber threats survey respondents are most concerned about — two technologies at the heart of business transformation today. There is a slight difference when it comes to the third cyber threat - hack-and-leak operations for global (37%), while business email compromise for the Middle East (32%).

Cyber threats are interconnected and inter-related. When malicious actors break into systems and networks, they often cause damages in multiple ways. What may start as a cloud breach could very well become an advanced persistent threat as bad actors lurk inside the system,  exfiltrating the data, launching a ransomware attack, and then finally leaking the data (“hack and leak”) even if you pay the ransom.

Middle East respondents revealed that loss of revenue (in terms of lost contracts, lost business opportunities) was the top concern for the outcomes of potential cyber attack in the next 12 months (51% vs 48% globally), followed by loss of customer, employee or transaction data (45% vs 52% globally) and damage to the company brand, including loss of customer confidence (44% vs 50% globally). 

Any one of these incidents would be problematic on its own. Taken all together, they can devastate business operations and reputation.

Mega breaches are increasing in number and scale — and cost. 

Globally, the percentage of organisations reporting costs of $1 million or more for their worst breach in the past three years rose to 36% from 27% last year. The corresponding number this year for organisations in the Middle East is 29%. 

Modernisation and optimisation top the cyber-investment priorities for 2024. When asked which investments would be prioritised when allocating your organisation’s cyber budget in the next 12 months, more than half (53%) of our regional respondents chose optimisation of existing technologies and investments in order to identify those with the highest potential to create value, while 43% selected technology modernisation, including cyber infrastructure.

Globally it has been the opposite, with nearly half (49%) of the business leaders globally selected technology modernisation as their priorities, including cyber infrastructure, and 45% chose optimisation of existing technologies and investments.

As businesses push the boundaries of innovation, it enables developers to collaborate no matter where in the world they might be; adopting new, more flexible ways to work; inventing new business models; connecting technologies to help better operate the business; providing superior service to customers and clients; and so on. 

Migration to the cloud has increased in the region, and the demand has been growing steadily among financial services organisations, making it a key point of discussion in the transformation agenda, according to PwC’s recent Cloud Business Survey. Understandably, cloud security remains the top cyber risk concern for more at 53% respondents across the Middle East, compared to 47% globally. 

Bad actors have potentially limitless ways to enter an organisation’s system(s) and therefore, it is critical to place controls everywhere: on identity and access, lateral movement, email accounts, website portals, applications, proprietary information, customer interactions, operating systems, connected devices. However, less than half ( 49%) of Middle East respondents prioritised cloud security investments when allocating the organisation’s cyber budget in the next 12 months, compared to 33% globally. The other investment priorities remained network security (31% vs 285 globally) and application security (30% vs 31% globally). 

Highlighting their organisation’s top priorities in the next 12 months as it shifts to a zero trust mode, 54% of regional respondents said it would be secure cloud networking (as against 42% globally), while 46% said it would be identity and access management, almost the same as global respondents.

As the size of the global digital economy is growing and expanding, and is expected to reach around US$20 trillion in 2025, the size of cybercrime is increasing, leading to global economic losses estimated at around 40% of the size of the digital economy and is expected to increase. Large Language Models of GenAI can be formidable weapons to expedite cyber threat detection and the initial response while simplifying the complex data analysis and security engineering processes. 

Our survey has revealed that 83% respondents in the region vs more than 77% globally strongly agree that their leadership is focused on ethical and responsible use of generative AI tools, while 89% agree that Generative AI will help their organisation develop new lines of business within the next 3 years against 77% globally. 

Many vendors are pushing the limits of GenAI, testing what’s possible. It could be some time before we see broad-scale use of defenceGPTs.  In the meantime, here are the three most promising areas for using GenAI in cyber defence. 

About a third of this year’s Middle East respondents agree that four types of regulation will be most important to securing the future growth of their organisation — harmonisation of cyber and data protection laws (38% vs 36% globally), regulation of AI (36% vs 37% globally), mandatory reporting of cyber risk management, strategy and governance (34% vs 35% globally)) and operational resilience requirements (27% vs 32% globally).