Andrew Rose *
Proofpoint, the specialist in cybersecurity and compliance, conducts an annual survey of CIOs around the world to assess and analyze the destinations we see. This year, the 2022 Voice of the CISO report got surprising insights from more than 1,400 chiefs of security, including chiefs of information security in the UAE.
Last year, the report highlighted the growing concern of chiefs of information security regarding the escalating landscape of threats, noting that they are not sure what risks they should prioritize next. Indeed, the chiefs of information security have expressed their concern and confusion.
As for this year, the results seemed more encouraging, as the heads of information security in the UAE expressed greater confidence in their position in terms of cybersecurity following two years of unprecedented turmoil due to the “Covid-19” pandemic. More than two out of every five respondents in the UAE (44%), feel that their organization is at risk of a cyberattack in the next 12 months, a percentage lower than last year; It scored 68% last year.
There is no doubt that security professionals have faced many challenges over the past years, especially that the “Covid-19” pandemic has further exacerbated the situation. CIOs had to adapt to ever-increasing responsibilities, which included operational flexibility, application and product development, business continuity, compliance, privacy, risk management, and physical security. Indeed, the responsibilities were great even before the outbreak of the “Covid-19” pandemic, and increased following that to include cost reduction, speed, remote work and strictness in work completion dates.
It is worth noting that the cyber readiness of organizations has improved dramatically with the clarity of the post-pandemic work environment, which made CIOs feel that they are better prepared to deal with cyber threats. Studies show that 47% of the country’s chief information security officers were unprepared for a targeted attack in 2022 compared to 72% last year.
Reports and studies have proven that the human factor is the main reason why companies are exposed to cyber attacks, with 50% of the heads of information security in the UAE considering human error as their biggest cyber weakness. When asked regarding how employees are likely to cause a data breach, UAE heads of information security said that the malicious internal factor is the most likely carrier; Employees steal company data.
CIOs around the world also believe that their superiors and colleagues have excessive expectations. While CIOs feel less pressure, board acceptance is still risky, given that cyber risks worry business leaders. 38% of CIOs feel expectations regarding their role are excessive, compared to 67% last year.
Looking ahead, we see a lack of consensus among CIOs regarding the most important threats to their organizations. Business email settlement and cloud settlement (O365 or G Suite accounts hacked) topped the list of cyber threats among UAE CIOs, both with 35%. Internal threats follow – whether negligent, accidental or criminal – at 31%. Despite making recent headlines, ransomware reached 28%.
* Resident Information Security Officer at Proofpoint in Europe, the Middle East and Africa
