A decade ago, chief executive officers (CEOs) in the MENA region viewed cybersecurity narrowly as a question of firewalls and an issue for the IT department to handle. That has changed, driven in part by regulatory tightening, increasing consumer awareness about data governance, and the growing cost of cyberattacks.
MENA companies have stepped up their efforts on critical issues like data protection and data privacy. Regulations have reshaped corporate structures, with cyber units reporting directly to the CEO rather than IT. This is stimulating the uptake of industry-leading practices and restructuring corporate organizational dynamics to help reframe the future.
The financial sector was the first mover in investing in cyber defense, largely as a response to global regulatory pressure given hackers’ focus on financial malfeasance. To reframe the future of cybersecurity, look at the region’s growing number of smart city and smart district initiatives, which show how cybersecurity is a consideration across every aspect of design and development. Smart cities leverage the convergence of operational technology and information technology — also known as OT/IT — which will be relevant to many sectors in the digitally-connected future.
A vast majority of CEOs in the MENA region now fully acknowledge that cybersecurity is a board-level issue, with breaches having large and potentially existential impacts on brand reputation. In an era where no company has a guaranteed future — largely due to how technology threatens business models and blurs the boundaries between sectors — security supports a business’s resilience. But they need a more comprehensive approach that marries digital transformation, cybersecurity and trust.
Digital transformation: A trust-builder
While many companies want to leverage advanced capabilities like artificial intelligence (AI), automation, the Internet of Things (IoT) and 5G, there is an understandable worry about how these create new cyber risks and widen the “attack surface” for hackers. However, well-deployed digital technology can strengthen rather than compromise the protection and governance of data, digital assets and customers’ privacy through a secure-by-design approach.
Carefully designed and responsible automation leveraging AI, for example, can be better at spotting fraud and are less prone to human error in data entry and handling. Blockchain can improve supply chain integrity. Digital transformation, leveraging a “secure-by-design” approach, enhances companies’ ability to ensure and increase confidentiality and security, building trust among consumers rather than breaching it.
The pandemic forced all MENA organizations to begin or accelerate digital transformation plans. They should prioritize cybersecurity assessments and architecture redesign to ensure digital transformation can be trusted. Just like car safety gives drivers confidence on the road, cybersecurity-by-design will give MENA organizations the appetite to use advanced technology to drive innovation in a digital age.
Develop domestic talent to overcome the cyber capacity crunch and look to partners to help
There is a global shortage of cybersecurity professionals as the scale of the problem outstrips the supply of skills. MENA organizations face a major challenge competing for this limited global talent pool, and while skilled immigration remains a useful tool, they also need to invest in building the domestic talent pool.
This can be done partly by transforming the skills of the current workforce but also requires collaboration with universities, and even high schools to build the pipeline of cyber talent. MENA organizations can also look to managed security service providers, or Cyber Security as a Service. Rather than every company constructing a team and the requisite technologies to provide 24/7 cybersecurity, many are now looking to international and local MSPs, which is somewhat easing the resource pressure.
Move from data to intelligence
Trust is not just about cyber defense but also the responsible use of technology. AI systems have well-documented challenges related to bias. Automation without a “human in the loop” can create a vacuum, leading to non-transparent decisions, which can frustrate customers or lead to unfair outcomes. MENA organizations should participate in the global conversation about the gap between what data and technology can do and what people are willing to let it do. In essence, this requires a shift from seeing data as a resource to be mined for value, toward taking a trusted intelligence approach that embeds data into a framework based on human governance, in which data-powered intelligence aligns with the organization’s values as well as ethical, social, regulatory, legal and business standards.