Middle East and Africa cyber spend to grow more than five-fold to $13bn by 2023

Regional enterprises spent $2bn to tackle cyber attacks last year, says head of regional trade body

IT services company Cognizant Technology said it became a victim of a ransomware attack. Reuters
Powered by automated translation

Organisations in the Middle East and Africa should develop a reliable information-sharing mechanism with the public sector to beef up the cybersecurity framework and cut down costs predicted to grow more than five-fold in the next three years, say industry experts.

“MEA companies spent $2 billion (Dh7.34bn) tackling cyber attacks last year … this was only the tip of an iceberg as this amount will reach $13bn by 2023,” said Bocar Ba, chief executive of the South Asia, Middle East and North Africa (Samena) Telecommunications Council.

The private sector cannot handle cybersecurity issues alone, though, and “needs government padding”, said Mr Ba.

"Besides an information-sharing mechanism, there should be financial incentives from the government to support cyber investments in the private sector," he added.

Dubai-based Samena is a tri-regional group that represents a community of telecommunications firms, manufacturers, regulators and academia.

"Many regional companies are adopting new [cybersecurity] technologies without having a plan on how to integrate them into the work culture. The situation is [as if] we want every shining object but we don't have an integration plan," Michael Steed, managing partner at Paladin Capital Group, told The National.

Washington-based Paladin, which is working with various companies in the Gulf region, is a global investor in technologies, products and services.

Most of the region's new cybersecurity infrastructure, especially critical cybersecurity used by defence, police and national security bodies, is provided by private manufacturers, said Mr Steed.

“Most of the times there is no exchange of knowledge or data that could potentially thwart many major attacks in critical sectors. We need to bring them [public and private sectors] on the same page of information sharing otherwise long-term results will be not desirable,” he added.

Organisations in the Middle East on average take 77 days to contain incidents of insider threats, according to a report released by cybersecurity company Proofpoint on Tuesday.

The report found organisations in the MEA region have experienced the “highest number of insider-related incidents over the past 12 months” and are likely to experience “credential theft”.

“It is, therefore, crucial in the Middle East to build a culture of cybersecurity among their employees,” said Emile Abou Saleh, regional director at Proofpoint MEA.

An insider threat is one that comes from within an organisation, such as current or former employees, partners and business associates, who have inside information related to the company’s security practices and sensitive data.

Challenges around cybersecurity will become “ever more complex” in the coming days and “no enterprise can survive by working in isolation”, said Ciaran Martin, chief executive of the UK’s National Cyber Security Centre.

“Both the government and private sectors need to be more resilient. Fixing the problem together instead of blaming each other is the key to success.”

The US-based Global Resilience Federation, which works with partners in five continents and builds security information-sharing platforms, predicted "a constant escalation" in cybersecurity spending in the coming years.

"This cycle is unstoppable … the attackers will come up with new forms of attacks and you have to come up with new ways to defend," William Nelson, chief executive of GRF, told The National. He argued, however, that the pace of escalation can be reduced with the timely sharing of information.

On Tuesday, GRF signed an agreement with Saudi Arabia’s National Cybersecurity Authority for a national information-sharing blueprint to help safeguard critical infrastructure in the kingdom.