Progressive banks recognise that cybersecurity is not purely a 'technology problem' but rather a wider business challenge
Prominent local regulations include the CBUAE requirements to comply with the information assurance standard, the strengthening of digital channels and the implementation of card-security roadmaps.
Between January and March 2019, the UAE alone experienced 1.1 million instances of phishing and 23 million instances of malware. The Kaspersky Lab report has indicated that the region is facing 3.16 million crypto-mining malware attacks and 5.83 million phishing attacks.
As a result, expenditure on cyber security technologies has increased significantly in the UAE, and it is projected that the Middle East and Africa cyber security market will reach $66.5 billion by 2025.
Banks in the Gulf region are probably at the forefront in terms of investing in cybersecurity capabilities. This is mainly driven by the following factors:
• Banks inherently tend to have minimal appetite for cyber risk
• The myriad local and global regulations that have to be complied with, depending on the jurisdictions in which they operate
• The variety of hackers potentially targeting banks and the wider financial services sector, including nation-state actors, organised crime groups, hacktivist groups and individual hackers
• The imperative to build strong digital capability for customers across all channels, with the need for securing complex business inter-dependencies by connecting authorities, partners, vendors and suppliers within the banking ecosystem
These factors represent the increasing gravity of cyber risks posed to banks, but also indicate a promising shift in the cyber-risk management approach adopted by banks operating in the UAE.
Currently, the more progressive banks recognise that cybersecurity is not purely a 'technology problem' but rather a wider business challenge that requires business ownership and strategic development, with clear, aligned support from technology teams. These banks tend to have their information-security risk management processes closely integrated with the overall enterprise risk management framework, to ensure every risk decision is made based on their defined risk appetite. Chief Information Security Officers (CISOs) have generally reoriented their focus from just 'keeping the lights on' to being fully cognizant of the business side of these issues.
Banks in the UAE share a common challenge in managing mounting global, regional and local regulations that can create cumbersome compliance obligations. Prominent local regulations include the UAE Central Bank's requirements to comply with the information assurance standard, the strengthening of digital channels, and the implementation of card-security roadmaps.
-Source: KPMG