New report says Gulf-based organisations spend more tackling cyber threat but take longer to contain breaches
Organisations in the GCC take longer to contain a cyber breach despite spending more money on identifying and restraining data security violations, according to a new report.
The report by Booz Allen Hamilton said Gulf-based organisations are spending about $3.5 million per year on identifying and restraining data security breaches, far ahead of the global average of $2.1 million.
Despite this, Gulf-based organisations take longer than their European counterparts to contain a breach, with the average reported time in the GCC standing at 260 days, compared to just 138 days in Europe.
To reduce this gap, the report said GCC governments are equipping organisations in the region with the necessary tools to build resilience across industries.
The UAE’s Regulation and Supervision Bureau (RSB) has published a set of business continuity management regulations relating specifically to drinking water, wastewater and electricity services in the emirate of Abu Dhabi. The UAE has also developed several plans to manage emergencies, such as the National Emergency Plan for the Telecom Sector.
Jay Townsend, principal at Booz Allen Hamilton, said: “Investing in robust threat mitigation strategies and resilience response could reduce organisations’ exposure to threats that result in untoward incidents.
"GCC governments have recognized this and, over the past decade, have begun to implement systems and programs to help navigate uncertainty and enhance preparedness and response capabilities. But, they need to take this a step further and make it part of the strategic corporate and national agenda.”
Rosa Donno, senior associate at Booz Allen Hamilton, added: “GCC organisations are already on the right track to building resilience, but they need to be more aware of their future threats and current weaknesses, so that they can take informed strategic and tactical decisions that can be applied across the full spectrum of sectors and industries region-wide, in order to prepare for risks and respond effectively to internal and external events.”